The tensions and trade-offs related to data, the most valuable resource in the digital economy, are huge. The exponential growth of data is driving the interest in using it in marketing strategies and as amplifiers to spread the political and ideological messages. The exploitation of big data causes concerns about privacy, compliance, liability, information security and confidentiality. Because of its high value it is often worthwhile for other parties to chase after it, even by illegal means like data theft and economic espionage. At the same time, there is currently no broader legal or practical consensus on non-personal data governance, thus national authorities are taking the matters in their own hands by coming up with national frameworks. Also, data sovereignty and security are at the top of the EU agenda, as shown in the European Strategy for Data that includes the creation of common European data spaces aiming to boost EU data-driven economy.
The topic of data governance is very broad and complex. During the webinar the following aspects were highlighted: the complexity of data ecosystem, data ownership, European approach to data and data for common good.
Each of the topics is elaborated below. As one of the main goals of the meeting was to clarify challenges and important points in the discussion on the subject of data governance, very often more questions than answers appeared. We believe that this approach stimulates and serves public debate by boosting the need for a multi-stakeholder approach and by demonstrating the key aspects for further discussion.
THE COMPLEXITY OF DATA ECOSYSTEM
The connectivity is going to be the driver of digital economy. 5G, when widely rolled out, will fuel the growth of the Internet of Things. In Europe, the number of mobile IoT connections is set to grow from 140 million devices in 2018 to nearly 740 million by 2026. All those connections will generate data that will eventually become resource for data analytics and for the AI-based solutions. 5G fueling IoT and IoT fueling AI will become a powerful circle creating new opportunities for the global competitiveness of the European industries. It is important to underline that the relations between those technologies strongly depend on high level of cybersecurity. In this regard, with more data and more access point to the omnipresent devices, infrastructure vulnerabilities must be absolutely minimised. Data, as powerful as it might be, is not an end in itself and must be treated as an enabler for the future business models and must be supported by complementary initiatives.
In the data-driven economy, big data gives possibilities to expand businesses and enhance market influence. It is also creating new sources of revenue as data itself becomes the subject of transactions. Companies collecting and managing data oftentimes require users to hand over some rights in exchange for the use of their services. This brings up questions on the ownership of data and whether it is possible to empower users to also benefit from the data they provide in addition to the regular use of the platform’s services. In the traditional approach, users are giving up their data and their digital traces in exchange for the convenience of “free” services while platforms are earning money on the aggregated data, mostly through the advertising. In the last couple of years, however, it has become clear how valuable the data can be and what are the inherent security concerns. The problem is amplified by the fact that a handful of existing services are very dominant and it is hard to find competitive solutions that would offer the same services but with a different approach to data governance. On the other hand, while it might be easy to set the value of the aggregated data, there is no simple way to price the data per unit, thus, the compensation to users seems extremely challenging. Even considering that there is a market-created tool that might appraise the individual pieces of data that users are creating, the question arises on who and how should arbitrate this process.
EUROPEAN APPROACH TO DATA
In the Recovery Plan for Europe the European Commission underlined the need to invest more in connectivity and in the European industrial and technological performance, which overall are having spill-over effects on the EU’s strategic autonomy. Digital economy, especially technologies such as AI, cloud and quantum computing, but also the development of digital infrastructure and next generation networks are all drivers for data production and flow, as well as engines of innovation and job creation. Thus, in the coming months the legislative actions will be taken as part of, among others, European Strategy for Data, Digital Services Act, EU industrial strategy or White Paper on AI. Data was put by the EC at the heart of the recovery for Europe in order to rebuild the single market and also to make it more green and digital. Boosting the data economy is the cornerstone of having Europe’s digital leadership ambition fulfilled. The ambitious goals of the Commission to use measures to remove existing barriers to data sharing, to data pooling, and also to scale up in a coordinated way including the building of the European cloud system must be translated into concrete actions in order to stay globally competitive. It is crucial to support European industry in the sectoral common data spaces. The data exchange solution will be in this regard a great boost to businesses and to the SMEs to scale up without additional huge costs. An important component is also the promotion of business to government and business to business data frameworks (also in the light of the current European Recovery Plan). The advantage of European digital strategies also lies in the values which are always given priority. One of the greatest strengths of the EU – the regulatory power – not only influences the ecosystem in the Member States but also resonates externally. Users’ trust in this regard is very important and might become a driver of the competitive data industry which might not be the case in other places of the world where the data handling is not subject to transparent rules. Thus, creating secure and trust-based solutions at the heart of the data governance rules might influence other players on a global scale.
Digital infrastructure and cloud services, which are crucial for data processing and storage, are becoming part of strategic autonomy and also determinant of sovereignty. Cloud market is currently very much concentrated in the hands of non-European companies, thus EU has started to push forward the initiatives (such as Gaia-X) aiming at boosting competitiveness in the market and also set the rules regarding data governance. There are, however, the questions on how to build right and effective coalitions which take bold actions both at the level of private-public partnerships and between the countries. While it might seem easy to call for an alliance of like-minded countries, the practical dimension of the cooperation that requires aligning industrial policies and balancing policy interests is very difficult.
DATA FOR COMMON GOOD
With its characteristics of a public good, data should be used in ways that maximise sustainable wealth creation within society. One of the emerging trends in this area is data democratisation and open data movements – the process of ensuring universal barrier-free access to data, resulting in potential efficiency and productivity increases. It eventually leads to the perception of data rather like water, oxygen or sunlight (instead of oil, as a widely repeated metaphor goes). In the light of the COVID-19 crisis, the power of data was broadly understood and brought light to the importance of how data can guide public policy decisions. Anonymised and aggregated data from the networks is being used to help the health authorities to understand if the lockdown measures are effective and what territories are more at risk. Apart from emergency situations, the aggregated and anonymised data might be used for example for city transportation and mobility plans. Encouraging companies to share technology and data for the benefit of societies is a very important task for governments, which should influence this process by creating the legal conditions and incentivising industry. Data rewards collaboration rather than protective policies. Good data governance structure will enable Europe to set up norms, standards and value-based solutions that could enhance the region’s global impact and shape a security ecosystem.
Join us at the panel discussion at the CYBERSEC GLOBAL 2020 which will further explore the topic of data governance.
- Izabela Albrycht– Chair, The Kosciuszko Institute; President, Organising Committee of the European Cybersecurity Forum – CYBERSEC
- Tadeusz Chomicki– Ambassador for Cyber & Tech Affairs, Security Policy Department, Polish Ministry of Foreign Affairs
- Paul Cornish– Visiting Professor, LSE IDEAS, London School of Economics
- Lise Fuhr– Director General, ETNO
- Paolo Grassia– Director of Public Policy, ETNO
- Andrew Hodgkins– Chief of Staff, NATO CI CoE
- Ciaran Martin– CEO, National Cyber Security Centre of the UK
- Mimi Nguyen– Data Policy Officer, NATO HQ
- Mariusz Nogaj– Deputy Director, NATO CI CoE
- Christopher Painter– President, The Global Forum on Cyber Expertise; Commissioner, Global Commission on Stability of Cyberspace; Former Coordinator for Cyber Issues, US State Department
- Luigi Rebuffi– Secretary General, European Cyber Security Organisation
- Barbara Sztokfisz– CYBERSEC Programme Director
- Joanna Świątkowska– Assistant Professor, AGH University of Science and Technology; Initiator & Former CYBERSEC Programme Director (2014–2019)
- Paul Timmers– Research Associate, Oxford University; Former Director, Sustainable & Secure Society Directorate, DG CONNECT, European Commission
- Jean-Christophe Le Toquin– President, Cybersecurity and Cybercrime Advisors Network; Coordinator, Encryption Europe
- Jakub Turowski – Head of Public Policy for Poland, Baltics, Romania and Bulgaria, Facebook