4 minute read
Data Governance
Erosion of trust is a global leitmotif of the digital age. As just illustrated, digital contracts and interactions among citizens, communities, and consumers, on the one hand, and public and private organizations, on the other, are increasingly shaped by the rights and safeguards pertaining to the collection, use, sharing, and governance of data. Other aspects of data in the human development sectors also deserve attention.
DATA RIGHTS
The “rights-based” approach to data enshrines the principle that personal data are not owned. Instead, they are an extension of oneself. The objective of this approach is to reverse the power asymmetry between data subjects and the third parties profiting from their data. An individual may give consent for the use of his or her data, or use of the data may meet the criteria for a third party to “control” personal data for a particular use. From the perspective of human capital empowerment, the question of what happens to the data being collected, shared, and analyzed is critical. Data collection often occurs involuntarily, imperceptibly, or in the course of routine digital activities, but with pro forma “consent” as a prerequisite for accessing services and goods.
Thus terms such as data colonialism have begun to surface in the policy literature as international firms collect and “own” or “appropriate” vast amounts of data about a country’s citizens and other assets (Coleman 2019; Couldry and Mejias 2019). This practice runs the risk of the country and its citizens becoming data-dependent on foreign entities able to extract value and exercise influence and power through the data.
This issue is particularly relevant to tribal and indigenous populations, which too often have been subjected to data collection as an instrument of oppression. Data initiatives must take special note of the historical circumstances and legal rights of these groups. Issues to note include ownership and use of data related to the communities themselves and to their cultural and environmental assets. Indigenous data sovereignty (IDS)—“the right of Indigenous peoples to control data from and about their communities and lands, articulating both individual and collective rights to data access and to privacy”12—is a model framework for maximizing the benefit of open data for Indigenous peoples and other users of Indigenous data.
The issue of data rights will also affect the cultural assets of linguistic and other minorities. Although they face daunting disadvantages in the online world because of their limited presence, there is also the danger that without adequate protections their knowledge can be appropriated and used more widely.13
A highly charged issue and an important area for policy development is the use of children’s data. Children’s earliest digital identity is typically created by others, well before the children themselves understand its implications or can provide their consent. In most
cases, children are unaware of the implications of their digital participation because of their own digital illiteracy and the inscrutability of digital platforms. In response, some data protection and consumer protection regimes have created a heightened obligation for digital platforms to ensure the lawfulness of children’s consent. However, the approach must be balanced in practice with freedom of online speech.
Legal protections for individuals and population groups, especially those that are vulnerable and historically disadvantaged with limited access to enforcement of their rights, should focus on the issues of proportionality, purpose limitations, and data minimization. For example, is the pervasive collection of cognitive, emotional, and behavioral data from children through so-called affective computing algorithms necessary for successful education? Are ubiquitous facial recognition, drone monitoring, and sentiment analysis required for specific purposes that can be clearly delineated? Such protections are essential for building the trust of communities that technologies are being deployed for purposes that are beneficial to them.
DATA ETHICS
Data ethics has become a major policy area as understanding of both the positive and negative potential of data-driven decision-making, especially via Al, has expanded and the need to address the moral dimensions of data has become more acute. Data ethics is critical in the health, education, and social protection sectors in which vulnerable populations have relatively less autonomy and are exposed to significant harm if data processors mishandle their information (Wade 2007). Crafting meaningful ethical data guidelines for use by practitioners requires avoiding the tendency to overlegislate to address every possible instance of misuse, which may deter innovation, while providing advice on essential safeguards. Furthermore, the incorporation of data ethics into education and training curricula should receive greater attention going forward.
THE CURRENT STATE OF DATA PROTECTION IN SOUTH ASIA
In general, South Asia’s legal and regulatory environment for personal data is underdeveloped and lacks implementation and enforcement. For example, some countries, including Afghanistan, Bangladesh, India, and Pakistan, lack comprehensive data protection legislation.14
Even so, progress is being made. Nepal and Sri Lanka have enacted comprehensive data protection legislation and created special categories of “sensitive” data, which receive heightened protection. These categories typically include information related to ethnicity, political affiliation, biometrics, and genetics. Other countries are in the process of enacting comprehensive data protection legislation. Personal Data Protection Bill 2019 is currently pending in the Indian parliament. In Pakistan, such a bill was introduced in its parliament in 2018. These bills typically create user rights and privacy
