2 minute read
Table 2. Data stewardship in data governance framework
Data stewardship requires trust between users and providers and thereby strengthens nonprice competition for data privacy as firms face increasing pressure to offer data protection or transparency measures. Stewardship status delineates rights enshrined in privacy, consumer protection, bank secrecy, and data security laws. Data stewardship principles must be spelled out in specific privacy regulations, which are typically based on transparency, accountability, interoperability, and ability of the consumer to see the data collected about them, dispute their accuracy, and control how the information is used or shared. Table 2 depicts data stewardship as one dimension of a data governance framework conceptualized as a two-by-two matrix, with data categorized as private or public and, on the second dimension, as being “traditional” or “new.” Examples of data types are indicated in each of the four cells of the matrix.
Table 2. Data stewardship in data governance framework
Types of data Public Data stewardship Private
Traditional
New
Source: Cusolito et al. 2022. Census, household surveys, national accounts, enterprise surveys
Any survey conducted by private entities, including public opinion surveys deployed by private entities (e.g., Gallup)
E-government digital platforms, digital identification, face recognition from public cameras, public procurement data, voter data, criminal records Just-in-time data from private digital platforms, social media behavior, purchasing history, pricing algorithms, machine learning data sets
This framework is appealing because it allows regulation of digital platforms to highlight trade-offs in choices concerning data governance approaches, trade-offs in allocation of the gains from data sharing, and concerns over privacy and cybersecurity. Digital platforms create value, but they also aggregate a large amount of personal information, which raises privacy concerns. For example, when a private entity produces data—traditional or new—the public may have an interest in regulating its use, such as when there are concerns about privacy; however, there is a governance trade-off between allowing data sharing across private entities (which can bring about economic gains) and negative spillovers beyond privacy concerns, such as cybersecurity risks or disinformation. For this reason, an emerging legal literature argues that data regulations can borrow concepts from environmental protection regulations and laws (Ben-Shahar 2019). The concept of “data pollution” refers to negative externalities produced by excessive data sharing or lack of information privacy that consumers often experience with digital products. The large-scale aggregation of personal data could be both a threat to individuals’ integrity and a public good such as national security.
In the public sector, civil registration and digital identification are two of the most important enablers of digital services, but they should be governed with relevant data protection laws and regulations to ensure that only a minimum amount of data is shared. The laws governing digital identification should give people the ability to select the data they want to disclose, with simple means to correct inaccurate data and to know what data are being held about them and who has access to the information. The World Bank Identity for Development Initiative identifies several challenges that can affect development of digital identification systems, including risk of exclusion, security violations, vendor or technology lockin, weak civil registration systems, limited connectivity infrastructure, low literacy, low trust in government capacity and regulatory services, and insufficient national cybersecurity capacity (World Bank 2019c).
Efforts are under way in several countries to establish or update data governance frameworks. The Arab Republic of Egypt, for example, passed a law to adopt new data protection legislation to attract offshore data center businesses.
