IGF 2019 – Day 2 – Raum II – WS #191 Public Interest Data: Where Are We? To Do What?

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> MODERATOR:  Good morning.  I suggest we begin now so we can finish on time.  Well, very glad to have this session about public interest data in an Internet Governance Forum.  So I am Laurent.  I am an administrative judge in France in the Council of states.  And I have worked on the subject of public interest data and I will moderate this debate.  I will make a very short introduction.  What are we talking about in public interest data?  Well, most of us are very familiar with the notion of open data because there has been a lot of discussion for ten years.  Open data is usually public data, data owned by the state, by cities, but in the last few years the awareness that some private data, data owned by companies, by NGOs.  There can also be some public interest, some general interest to share it.  For various public interest goals to promote public health, to protect environment, to foster competition, innovation.  So that's what we will discuss today.  I give just two examples to introduce the session.  First example it is something called open food facts.  Maybe some of you have heard about it.  It is just a group of benevolent citizens who have started to track what ingredients any product.  So they have made a huge database of what's in the food.  And so it helps any citizen, any consumer to know what is healthy to eat and some very successful apps have been devised using this data.  So first example.  Another example is mobile phone data which is more and more used by operators to give some insights about how the people move and it is very interesting for many, many actors and some mobile phone operators sell this data to help, for example, the cities make some open planning.  So with these two examples we have a first idea about the potential, the public interest potential of this private data and also we see that there are various models about data sharing.

So the first one is non‑profit, no cost data sharing.  The second one is it is for profit selling this data.  So we will have these questions to discuss.  What is the potential of public interest data sharing which regulation, which economic model, which safeguards for data protection.  So we discuss this.  In order to let you the public have some time to ask us questions which is always the most interesting part, we have ‑‑ we will have two sessions.

So the first session is about the public debate, about this subject.  So we will have first a member of the French Digital Council who will talk about environmental data.  Lucien Castex from Internet Society France who will talk about the issues about AI, Artificial Intelligence.  And Luca Belli who has just joined us, hi Luca, who will talk about the articulation between open data and the public interest data sharing.  So anyone will have ‑‑ any of you will have nine minutes, not ten.  And I will be very strict.  And then you will have ten minutes to ask questions about this first session.

And then we move to the second session, which will be about regulation action, how do we act about this subject.  And we will have two presentations by communications regulators in Senegal, by Mr. Diallo and in France by Sebastien Soriano and last but not least Francesca Bria who is the CTO of the city of Barcelona and who will tell us about what you are doing in Barcelona.  Okay.  Thanks a lot.  And I give the floor to Annie.

>> Thank you for this introduction of the panel.  I'm very honored to have the opportunity to speak about our action as a French Digital Council on environment and digital.  The French Digital Council is an independent advisory commission appointed by the French Digital Ministry.  We help the French Government.  So this Council created a special Working Group on digitalization and environment.  And the three pillars are to create a national and European roadmap for an ecological, a French position on artificial intelligence and digital and doctrine on the concept of data of general interest applied to environment data.  So this presentation does not deal with the opening of public data but with the opening of private data.  And data are crucial and they can be put at the service of ecological transition.  They support public decision making innovative solutions for enterprises, citizens and empowerment.  But to fight against climate change we need structural changes and digitalization that offers the opportunity to optimize the change.  Keep in mind that we have never had so well clarified role of humans in global warming without accelerating the adoption of the relevant measures.

So now a few words about the work of the French Digital Council on the environment data.  So this data have a natural tendency to be described as data of general interest.  First, it is important to define environmental data, their production, the legal framework before used in order to build real concepts.  So we find definitions in different legal instruments that provide for the opening of public data according to the Convention or French environmental code.  There are different categories of environmental informations, the state of the element of environment such as air and water landscape and also the states of human health activities and measures.  Thus environmental data have a transversal ‑‑ the general interest approach calls for a more larger definition.  Most of the data on health and other agriculture are no part of this definition as well as data that can become environmental data even if they are collected for another purpose, in particular data concerning mobility.  So this definition includes state and also realtime flows.  It clearly appears that environmental data are linked to specific territories and that they have an infrastructural signification.

On the other hand, the environmental data can be personal data in certain cases.  This data are produced by different actors associations, companies, citizens.  For instance, in France a large amount of data are collected by natural institutions.  Then they can also be coproduced and they will more ‑‑ be more and more captured by machines.  There is a large variety of data, value added data even if data are not supposed to speak for themselves.

Concerning the legal regime, there are different legal bases for this data from collection to sharing, law contracts, litigation, indeed environmental data can benefit from different legal protections.  So what about the ‑‑ concerning this data?  General interest is at the heart of the legal status of environmental data.  The general interest looks like ‑‑ that's the reason why there are Conventions, provides rights of everyone to receive environmental data.  That is held by public authorities.  And it provides the right to participate in environmental decision making.  So this data have a natural vocation to be qualified as data of general interest and to be accessible.  This stems from the availability in the nature we pick them and from the different users they allow.  At the international level, certain data are in a sense a common heritage of humanity.  This is the case of the moon and other celestial bodies.  At the French level according to our environmental charter which has a constitutional value the environment is a common good for human beings.  Does this mean that environmental data must be considered as commons?  This is not so easy.

We need to consolidate the public interest served by disclosure or opening of data and the private or commercial interest served by the refusal to disclose.  Sharing from private actors to Government raises less concern than data sharing among economic actors.  Concerning the first case, the French bill for Digital Republic is very innovative insofar as it provides an obligation to publish data for some private companies in certain cases.  But general interest does not automatically mean opening.  On the contrary, it must mean more control over the data.  Speaking about general interest should not be making us forget that the data are at the heart of competition and geopolitical issues.  We identify the risk of appropriation or reappropriation of environmental data by the digital giants made by Chinese and American, which are, for example, partnering with large traditional agricultural groups or supporting startups that receive commercial offers.  For example, in the agricultural field Alibaba has partnered with biologists for agriculture products.  So the general interest can order more control over the data.

For example, some naturalistic data are considered as being sensitive and need to be blocked in order to protect, for example, endangered species.  Some data are even considered as being sovereign.  This is the case of the so‑called geographic data.  This data good decision making of the public authorities and these authorities must not depend on anyone for their availability.  Here the localization issue is very important.  That's why several scenarios can be established for data of general environmental interest.  There is the legislative ‑‑ I have just three more.  First the legislative approach for the sharing of data from companies to the Government, this could be an extension of provisions relating to the digital public.  Sectorial laws should be part of a global framework that provides procedure and substantive conditions.  There is the contractual approach especially for business to business data sharing.  This can be a nonbinding approach or a binding one on the basis of competition law.  And third, this is my last word, there is a project based approach and in this case the public actors would ask to share that of private actors for a specific purpose of general interest.  For example, the fight against the erosion of biodiversity and the judge has a role to play concerning the access to studies on the impact of ‑‑ very recently the general court of the European Union considered that the question that the public interest is more important than the protection of the commercial interest of the companies in question since the public interest is even presumed concerned emissions in the environment.

So to conclude, we need, first of all, to understand practices in order to build a position on this type of datas of general interest.  Thank you.

>> MODERATOR:  Thanks a lot, Annie, for the words and for giving a good example for time keeping.  So I give the mic to Lucien.

>> LUCIEN DIAS:  Thank you, Mr. Chair.  I will try to be on time.  Well, public interest data basically I will try to go two points.  Producing data and it is important to ‑‑ emerging technologies.  And two, what issues can we spot on legal and ethical concerns.  What can we discuss following what Annie just said?  So first, on the prediction of data, well, if you want to foster a data driven decision making basically you need more data.  And you need to be able to basically to walk with it.  You need to be able to access it to be able to enrich it.  And two of the major points are the quality of the data basically.  And that such data needs to be up to date.  It is particularly concerning when you use data with big machine learning algorithms because well, if the data is not up to date basically you might have a wrong decision made of that data.  And obviously also there is a large variety of data.

First granularity, when you analyze data, what granularity do you want, at which point.  So analysis.  As begging the question, what to do with coproduced data.  What to do when the data is combined and then what to do about the sharing if somebody is applauding content, for example, on social media is doing research over some search engine.  Well, the data is enriched by every new search.  So you need to be able basically to exploit it.  You need to be able to control it, to have some transparency of it.  As you heard as any present it quickly, we have in France a French Act in 2016 for a Digital Republic which allows Government to request commercial actors to give access to the data for statistic purposes.  And the law is asking well, you need impact studies to know what kind of data you might use.  Then you need transparency of such impact studies.  Also and this is the main issue, should you extend such access to other kind of data.  For example, what about research.  You need to be able, for example, to have public funded research so you can control.  You can understand how it is working.  And if you are based on machine learning algorithm, I will mention earlier you need to access the data to be able to understand how the data is used in such algorithms.  Public research might need such access to be able to control and to basically do research studies and impact studies.  If you train algorithms, well, algorithms need data.  And if you don't have such data you can train algorithms and you are back on to quality of data, if the data is of poor quality.  If the data is not updated, you are lacking behind in terms of Artificial Intelligence and basically it has a direct commercial impact.  And well, it might be also a good idea to have such data made available so new actors can come in the market and well, train algorithms and develop new services and enter competition.

Still you need ‑‑ well, you need a coherent framework and that's my main point on the legal issue, you need a transversal framework.  We can work at the French level.  We have a number of legislations, Laurent and Annie presented a few of them.  We have personal data and nonpersonal data and GDPR.  We have the French law and a number of other legislation and provisions.  But well, basically we need a transversal approach throughout the European Union and basically allowing a common approach of Big Data.  Also in France we have a national AI strategy including the need to share datasets for public authorities.  But when you have data saving the public interest, health care, AI, as you say, Annie, environmental protection, you need a wider dataset possible to produce competition.  And you are stuck with a problem of sensitive data.  If you consider sensitive data and personal data, well, you are obviously considering IoT, Internet of Things.  Can you use the data of objects to, for example, improve health care?  Are practitioners allowed to use such data, to improve a hospital will treat the patient?  And is the data available?  And that's a main issue.

As you presented, Laurent, and with Internet Society in France and also with the French Commission and it is the main issue of Artificial Intelligence we just started to work of the Human Rights impact of Artificial Intelligence.  And that's clearly the main limit.  What can you do with the data?  How to make it transparent so that every actor can use it and enter the competition.  Thank you.

>> MODERATOR:  Thanks a lot.


>> MODERATOR:  Now for the last intervention, about debates going on about data sharing for public interest, Luca.

>> LUCA BELLI:  Okay.  It is already working.  Good morning to everyone and I apologize for the delay.  I was in another session that ended with some delay.  I had to run here.  Please excuse me if I was the last one arriving.  My name is Luca Belli.  I am a Professor of Internet government and legislation.  The ‑‑ my point basically today is that in order to regulate or understand the kind of value and kind of mindset we need to utilize private data for the public interest, we should learn from the experiences that we already have to avoid making the same mistakes and try to have a strategy, because almost everything in life if you have a strategy, and if you study what happened before, you maximize the chances of success.  So I think, first of all, what is important to stress is that the fact that private data exists does not mean that they automatically will generate value.  Of course, they are extremely important because they may help solving a lot of problems mainly for statistical purposes, mainly in Developing Countries where official public statistics are maybe lacking or incomplete or of low quality.  So integrating them with private data is extremely meaningful.  Can allow us to understand a lot about our lives, our environments, our societies, our economies.  And therefore they have a huge potential, but on the other hand, data they are not inherently valuable.  They are only valuable once they are processed and once one designs a way to process them that produces value and generates insights.

So the fact that the mere data, the raw data themselves are not so valuable.  What is valuable is the inferences, the knowledge that one is able to extract from them.  The second point that I would like to stress is that a lot of what we are trying to understand now about private data and how they could be utilized for private ‑‑ for public interest already resonates with the open data movement that try to understand how publicly generated data could be used to generate value, could be opened for the general public to utilize them for other purposes.

Now this again opening public data does not mean that they automatically generate value as some were arguing like they could go.  We have seen that they only generate value when people and the data processor has good strategy to make them generate value.  What is interesting also for ‑‑ from the open data movement is that the open data have been defined to help us a lot to understand how private data should be considered and should be framed in order to be useful for the private interest.  Open data are usually the public data that are released in a digital format structure in ‑‑ structured in an open format available online released with open licenses so that people can make the wider use the free use of the data.  All these elements are easier to implement with publicly organized produced health data much more complicated to implement with private data, especially when we still lack regulation on how to do it.

And here are some challenges that I would like to stress.  First of all, private data as the objective suggests, are private and not open public.  They have to be ‑‑ the private corporations that collect and generate them may be reluctant to share them.  Unless there is specific regulation and policies require them to share them they will not share them because they may reveal sensitive information to competitors which is a very legitimate reason not to reveal data.  And on the other hand, opening private data represents a cost, a cost on different levels.

First of all, you have to respect existing regulation.  A lot of private data are intimately intertwined with personal data.  And a private corporation sharing personal data previously collected for nonspecified purposes with Government may raise a lot of alerts in the mind of everyone who cares for data protection and privacy.  So the shortcut to this would be either having law that's specifically defined the purposes for which those data should be shared and how, which would comply with many of the existing regulations on data protection.  And the other shortcut is anonymized data, for example, in the newly approved General Data Protection Regulation, general data protection law in Brazil that will enter in to force.  Article 12 explicitly states they are not personal data.  The problem, of course, is that anonymization has a cost and there are very few ‑‑ there are already some corporations like IBM Microsoft that are experimenting to process data and those techniques very costly and only a few actors have them and this represents a cost.

A further cost may be the fact that all data that are collected are not usually collected and structured in an integral format.  If you don't have interoperability it is highly difficult to share data and again this can be easily solved by defining what are the standards for interoperability, but since those are not defined, a corporation would have to guess which format would have to adopt.  Again taking the Brazilian case as an example, these interoperable standards would be defined about data regulator which according to the new law will have the possibility to define interoperability standards to allow data portability which is a new right under Article 18 of the law.  But that is something hypothetical so far.  So to have this concretely it is necessary to have strategies policies and regulation that define how to overcome these obstacles.  I don't know how much time I still have, but I will ‑‑

>> MODERATOR:  Two minutes.

>> LUCA BELLI:  So I will wrap up providing a good example of how this could work in practice.  There was a partnership designed by the Rio de Janeiro Government.  It was designed by my colleague, it was the previous chief data officer of the municipal Government.  And it was very successful because it allows ‑‑ it allowed ways to share data on traffic with the municipal Government and therefore the municipal Government could plan ‑‑ you could develop urban planning considering realtime data.  And therefore, being much more efficient in targeting traffic and reducing carbon emission.  This is a very good example of this could work in practice and the partnership was replicated in many cities.  First it was labelled connected citizens and relabeled ways for citizens.  So these are the benefits.

On the other hand, we ‑‑ if we look at this specific case we also can have some red flags popping up because this partnership was defining total lack of data protection regulation.  In 2013 Brazil did not have a data protection law, even in the general framework for Internet rights was not yet approve at the time.  It may be something happening also in other places in the world.

So to wrap up, to conclude I think there is an incredible potential in this but to ‑‑ as any other thing I think with regard to technology one has to have vision and strategy.  And then if necessary, regulate or coregulate in the way in which the interaction between the private sector and public sector maximizes the benefits for people and reduces the cost for the private sector.  Thank you very much.


>> MODERATOR:  Thanks a lot.  I think with these three interventions we already have lots of food for thought and discussion.  So feel free to raise your hand.  I will take a few questions before letting the speakers answer.  Yes.  Okay.

>> AUDIENCE:  (Off microphone)  Can I be heard?  Thanks for the interventions.  My question is particularly to you but anyone feel free to contribute.

>> Microphone is on.

>> AUDIENCE:  Should I continue from here?

>> MODERATOR:  As you like.

>> AUDIENCE:  Well, it was ‑‑

>> We can't hear you?

>> AUDIENCE:  You hear me now?  Thank you.  So just continuing with all these different categories of data that you are presenting to us which was very learning.  It was very nice.  I would like to ask you, on the open data ecosystem and we ‑‑ when we are talking about the personal data that's also being part of this context of open data, and in particular the ones that are held by the public sector, my question is in your opinion shouldn't we also consider not only the what and how, but also the who.  I mean who is going to access and process this data because I mean it is very interesting and very important but also what exactly, for example, law enforcement authorities will be using this data for.  Shouldn't this be transparent.  This is quite a rhetorical question, but I would like to hear some enlightenments on that.

>> MODERATOR:  Thanks a lot.  There is a mic working in this part of the room.  And this one may be also.

>> AUDIENCE:  Veronica from Algorithm Watch.  Two questions.  It has been shown over and over again that it is relatively easy to re‑engineer reverse engineer anonymization.  How do we deal with that.  And the second larger point is how do we deal with private company using public or open data and gaining a profit from it.  What kind of licensing can we put in place that private companies don't profit from our data?  Thank you.

>> MODERATOR:  Okay.  Maybe we take these three first questions.  So who would like to answer?  Yeah, Luca.

>> LUCA BELLI:  The first question is it is not really rhetorical.  It be public or private corporation.  Public organ, public body, analyzing, collecting, processing data.  They will still have obligations.  So under almost any data protection framework in the world there are more than one in 30 countries having that protection frameworks, they usually apply to both private and public sectors.  So the fact that you use data originated by private corporations and repurpose, if you want it does not entail a waiver on the responsibilities of the data controllers, the data ‑‑ all the elements of data protection ecosystem.  In many countries this will be also be a data protection officer.  For instance, in Brazil it will be mandatory for everyone collecting data and making use of data which is a way to make sure that a country that has not had a data protection culture like in Europe or data protection regulation is something that happens since more than 20 years will be able to cope with the increasing complexity of handling very sensitive information.

To answer to the other question, I think that I'm not sure it is the approach I would suggest to license public open data in a way in which the private sector cannot make profit.  The goal is not to avoid the private sector.  The goal is to avoid any risks for people.  The fact is that one generates profit with own private activity is not something illegal.  What is illegal is to undermine the protections established by all.

So again all this is quite simple to say, it is prescribed by law.  Also the fact that anonymization is an exception.  I am not saying it is smart.  I think it is quite oversimplification to state that anonmyization will allow you to be free from any constraint.  It is almost universally proven that no anonmyization technique will not be reversely engineered or proven wrong in minimal lapse of time.  So yes, there are a lot of ‑‑ that is exactly the reason why I think that a strategy to cope with these examples notice long term is necessary.  What the knowledge we have now scientifically speaking may be outdated in a couple of years.  And we cannot renew things every year legally speaking.  Therefore it is necessary to have long‑term vision and to have people that understand what they are doing.  And they will sustainably cope with these challenges.  Sorry if I spoke too much.  I speak too much.

>> MODERATOR:  Thank you.  But you answered the three questions in one answer.  So that's great.  Yes, next questions.  In the back.

>> AUDIENCE:  On the left.

>> MODERATOR:  Sorry and then in the back of the room.

>> AUDIENCE:  I don't understand making money out of public data.  So don't understand why it is not only illegal to use open data to make profit, but it is I think it is one of the ideas of using open data.  And because if people earn money they can pay taxes.  That's what I wanted to say to the first part.  But also this is in saying that how to eat an elephant piece by piece.  So I think we all know that already on a national level it is quite difficult to organize this big field of open data and interest, open interest data.  And so therefore I should think that if we want to organize this on an international global level we have to think and organize modular.  We have privately produced commercially produced and publicly produced data and sharing and enabling of the use of the data.  And we all know that in the past the open data which was freed, to make even more profit and because we forget to enable the people to use open data.

So it has to be in the beginning that we make sure that using open data and enabling everyone to use open data is essential for the next level of using open data as a global society.  But also when we go to the sharing part I mean in Germany we have competition laws.  It is not only privacy laws trying to regulate the only thing with competition laws.  We need to act in a modular way to organize and ask the question what kind of data we want to free.  Because if we leave that to the lawyers, I think we will still fight in ten years about freeing data.  So for me a Working Group which thinks of a modular way to organize the whole thing should be something coming out of a session like this.

>> MODERATOR:  Okay.  Thanks a lot for this ‑‑ it was more propositions than a question.  But it is quite interesting.  Going step ‑‑

>> AUDIENCE:  Shall we do it like this, question.

>> MODERATOR:  Okay.  Next question.

>> AUDIENCE:  I will try to be more short on my question.  My question is basically how to separate between public data or private data or how much data is enough data and where does private data end and public data begins.  And this question who owns that data because I mean every data can be used for public information or public use.  My GPS coordinates could be used to improve transport systems.  But it could also be misused to track where I am staying at the moment and potentially arrest me for different reasons.  How much data is enough data and how to be sure it is not misused.  Thank you.

>> MODERATOR:  Okay.  Important question.  Who wants to answer it?  Maybe I just say a few words about this one.  Data is versatile because it can be moved easily and reused for a different purpose.  Now there is this notion of public data, at least in your public authorities to open the data.  This is where public data.  But also entities, private companies don't have the same kind of obligations.  And that's what we are discussing about.  That's where the limit is.  So you want to add something, Annie?  And then we move to the next session.

>> Sometimes you are right it is not so easy to distinguish between private professional data and public.  And I would like to say that the way the data are produced is very important.  And if the citizens participates a lot, so the data must be more open and also when geo enterprises are appropriate the data they must be more open.  It is very important key issue.

>> MODERATOR:  Okay.

>> Need for transparency, we are joint here.  It could be multi‑stakeholder so we can control how it is used.

>> MODERATOR:  Okay.  Thanks a lot.  We will move to the next session.  And before giving the floor to Mr. Diallo I would like to thank because I forgot to do this first, Mary Lou who is not one of the speakers but who has engineered the panel.  And so it's because of her that we are all here today.  So thanks for her.  And Mr. Diallo, we move to the questions of how the regulation is implemented in the field of communications by example how it uses data to deliver better regulation.  And so you can talk.

>> CHERIF DIALLO:  Thank you.  Thank you, sir.  Good morning, everyone.  My name is Cherif Diallo.  I am a professor from the University in Senegal.  My specific focus on public interest data in the situation of Senegal country.

To introduce my speech in Senegal in mid 2017 a cooperation was launched between the national agency for demography.  Sent out a file to retrieve data on private subscribers whose name who has been replaced by a certain name.  Once aggregated this information makes it possible to identify the needs of population.  So you can evaluate during the time to real market.  This project called open algorithm for data decision was supported by the France development agency, the World Bank, and global partnership for sustainable development data.  It is a network of 720 partners from Government, private companies, university to promote the use of data for public good.

So public interest data in Senegal forward, data collected by the private sector will help predicting epidemic spreading, pandemic, rumor propagation, movements of people in private situation and sharing data can also save lives from information sold by a mobile operator, for example, it would be possible to improve road safety.  Sharing of medical analyst data could help better refine research for the manifestation.  The need to define and regulate modalities of data sharing is an opportunity for Senegal now.

But we have to do this in two ways.  Technically ways and legally ways.  Technical ways are several ways to share data while respecting their confidentiality.  The software approach and hardware approach.  In software approach we can use some techniques as amorphic encryption and make it possible to creation of specific memory zones.  So legally on the other hand, legally the sharing of personal data could be based on the right to portability.  This right to portability could pursue a citizen objective and an economic one.  In Senegal what is the state actually of public interest data?  In Senegal there is no legal framework on the domain of public interest data.  Consequently it is a unregulated domain and the personal data protection law framework is too restrictive to help emerging solution from ‑‑ from public interest data.  This may handle the sharing of public interest data, also there are important results project that recalls opening provision and sharing of a public interest data.

So there are some implementation challenges.  There remains, in fact, to define standards for interoperability data exchange.  We must let mayors agree sector by sector or in a transversal approach to ‑‑ on just perform low portability but the share of data between organizations.  Several sharing scenarios could be implemented including one called citizen portability.  Citizen could authorize the portability of their data to the benefit of mission of public interest.  This could be facilitated by the establishment of appropriate legal framework.

To continue implement challenges update the legal framework taking in to account the specific related to public interest data is on an important part.  So you could also take in to account the links and dependencies with other ICT laws.  And then relax the personal data protection law by including the opening, sharing data and making available of public interest data.  You must also take in to account the needs of research for the accompaniment of public policies.  And then we should also establish a regulatory framework trusts framework for public interest data.  This is some ideas I would like to share with you this morning.  Thank you very much for your attention.


>> MODERATOR:  Thanks a lot, Professor Cherif Diallo, for this very interesting and concrete presentation.  So now I give the mic to Sebastien Soriano who will talk about data regulation by data in France.

>> SEBASTIEN SORIANO:  Yes, thank you very much.  I'm happy to be here.  Hello, everybody.  And thank you for still being there for most ‑‑ sorry, I'm a regulator.  So I know it is quite boring to hear regulators.  So thank you for being there.

>> MODERATOR:  That's a hard part.

>> SEBASTIEN SORIANO:  Yeah, actually what we are trying to do with data as a regulator it can be seen as a use case of using data for public interest.  We as regulators we are in contact with companies that are gathering data.  So in the telecom sector as Laurent introduced, telecom companies are gathering data about the geo localization of people, for instance.  And the question is at what extent can we use our mandatory regime, our regulation to extract data from this company to publish this data or to impose obligation of sharing this data.  So this is basically the question.  So we have done a work with eight French regulators.  Sorry.  All are French.  But we have been working in very different sectors.  So the financial sector and the AG sector and the transport sector, the telecom sector, competition, privacy and sorry for the eight, I am forgetting.  And so we have defined a common approach about how we can use data as a regulator.  So we call this regulating with data.

So first regulating with data is different from a simple transparency.  So transparency when you impose to a company to publish several information.  When you regulate with data the information is passing through the regulator.  And the regulator is making several choices about what kind of data are of more or less interest.  The regulator can aggregate the data and republish the data under several formats.  I will give you several examples.  So in France we have ‑‑ we have been publishing data about coverage maps of mobile operators.  So many regulators are doing this.  And so we have mandated the operator to give us the coverage data with very ‑‑ so it is not binary information.  Like coverage or not coverage.  We have imposed several levels of quality.  So it is not coverage, limited coverage, and normal coverage and good coverage.  So we aggregate this data.  This data is given by the operators to RCPT.  We are verifying the information.  So we are making private tests.  We send cars on all the roads of France to verify the information.  This is paid by the operators.  It is quite expensive, but we are choosing the audit company.  And we are writing all the rules of the audit of the control.  And then we publish the information, open data about the network coverage.

To make this data really meaningful for people you have to fulfill the gap between the complex information we publish and the real experience of people.  To do that, we are working and the other form of partnerships with several startup applications that provide this service.  So I give you the example of one company.  The company is Cosby.  It is a French company.  So this company they install a mobile tracker.  It is full GDPR compliant.  Install a tracker that is following you during one week and thanks to that they can issue, you can see a coverage map of viewpoint.  You can see on my mobile.  This is my coverage map in Paris.  This is the places that I sleep.  I live.  I work.  The transport I am taking.  Thanks to this information I will not do it here because we are in Germany.  You can launch a system that will issue the ranking of deep operator that is linked to your personal map.  So it means that the information you will get is not only what's the best operator on a national average in France.  It will tell you which is the best operator for you.  And it is not always the same.  It is not always the same.  So, for instance, I made the test a few minutes ago about which is the best operator here in the place.  So you can see you have the ranking of the German operators in this hotel, for instance.  I am sure if you are trying in another hotel, in another place it would not be T‑Mobile.  You bring to people really relevant information.  Telecom companies in France are not only competing on prices, prices are very important but also completing about coverage and quality.  During this summer one telecom company in France have advertised about the fact that they were the best company in rural areas in terms of quality of the Internet.  So this is typically the kind of data driven regulation or program of regulating with the data we can implement.

And another example, classical example is in the financial sector.  So in the financial sector you know there are systemic banks where the regulator is accessing to data in realtime about what is happening to the company.  They can ‑‑ and then mandate several behaviors to the company if there are problems.  And generally speaking they can gather data and then use Big Data algorithm to look at the data.  This is the way that regulators  use the data.  We have in France a law that is under discussion about the new mobilities.  And this law will empower our transport regulator colleague to mandate the transport company to share of the data between each other.  So this would be a very interesting example.  We will see how it works.  So today it is a little bit early.  And the scope of what is transport company, of course, has to be discussed.  For example, is ways transport company.  This is a big question.

What I find interesting in this law if it is passed, of course, is that in the end it will be in the hands of the regulator to decide what is reasonable to share and possibly at which economic conditions because it is not necessary for free.  So it will be a case by case approach and thanks to that we can hope to build progressively a kind of jurisprudence of what ‑‑ how the good balance between the economic interest of the companies that have gathered the data, but still the necessity to share the data for public.  So thank you for your attention.  And I'm happy to answer possible questions later.


>> MODERATOR:  Thanks a lot, Sebastien.  Now to our last intervention by Francesca Bria.

>> FRANCESCA BRIA:  Thank you.  Last but not least.  Yes, first of all, it is great to be here.  Thanks for coming to the workshop.  I'm going to actually in this workshop be representing I am now ‑‑ I have been four years the chief technology and digital innovation officer of the city of Barcelona, but I now work as the senior digital advisor of UN Habitat that deals with cities.  And the UN has been promoting a big coalition where they are now a part of over 60 cities which are implementing a novel approach to the data sovereignty and to the Smart City.  So I'm now working in this new capacity.  And I also lead the decode project which is a European Commission funded project, one of the flagship projects to experience data sovereignty for citizens in Europe.

I will discuss the importance in the moment where I think it is very critical when Europe is proposed to lead the way when it comes to digital sovereignty and data sovereignty for citizens as a comprehensive approach.  I think that the role of cities is critical because cities are on the ground, very close to citizens remaining Democratic trust and then enabling citizen empowerment and citizen participation and cities can also prototype practical approaches to move from large like high level regulation and policy proposals to experimenting, practical approaches, scale it up, see what works and what doesn't.  And very importantly involving and engaging citizens in the process which I think it is a matter of democracy, but it enables us to show when we are talking about data in a digital society we are talking about access to fundamental services, health care, education, transportation.  The access to data and connectivity and Artificial Intelligence means access to city services and to fundamental services and infrastructure for citizens.

So we have to put at the very core coparative approaches to solving really important problems and urban challenges like sustainable mobility and fight again climate change, better education and housing, all these big challenges are going to require that we are able to mobilize collective resources which I think data is a very important one.  We have to as policymakers be able to see data as a very important collective resource that can generate public value.  Not only private profit for very few players.

So I will share some of the experiments that we have been running in Barcelona for the last four years and tell you how the approaches can be scaled at the European level and hopefully globally.  We have been implementing a model.  And we declared that data produced by citizens belong to citizens, which is the raw material of the Digital Economy.  It fuels Artificial Intelligence and unfortunately it is controlled by very few companies globally.  So we have been betting on a new model which is will data be controlled by big businesses, by the state or by citizens.  And we declared that this data produced by citizens belongs to citizens.  So the immense economic value that such data represents is returned back to citizens in order to do that we had to change the old deals between city halls and private sector partners.  Public procurement became a big core of our reforms.  So we have introduced data sovereignty clauses in a way that any supplier that worked for the city of Barcelona must give back the data to gather to deliver service in readable format.  Of course, we are also putting ethics privacy and security by design at the very core of how we develop these services.  Ethics and security has to be delivered by default to the citizens which means it has to be embedded in technology infrastructure.  We develop a blockchain and distributed ledger infrastructure and new cryptography protocol.  What data to keep private and share and with who and on what terms.  We have done this through the decode project and encryption should be considered a human right in the digital society.  So also before we talked about homomorphic encryption.  It is high science but this is widespread.  In the European Union we found through Horizon 2020 which is our big research and innovation program a lot of projects and research institutions.  And we have some of the best privacy and researchers in the world which are producing these technologies that can be used and deployed.  In fact, now Barcelona and Amsterdam are developing this infrastructure.  We have 14 partners that are using these tools and they can be scaled.  This decode privacy announcing data infrastructure links to very basic services in the city of Barcelona.  It links to our citizen participatory platform and reduced by 400,000 citizens to cocreate the policy of city of Barcelona.  And 70% of the action plan of Barcelona came from directly citizens because everything is that participatory digital platform.  This platform is built with open source.  It has data portability.  It is privacy announcing and decentralized, enables us to create civic alternatives of the likes of Facebook which is a platform that favor the manipulation and commercial exploitation of personal information.  Move away from that model.

Privacy being protected by the type of infrastructure we use.  We have also been experimenting this approach with IoT platforms.  So Barcelona as an Internet of Things platform is very pervasive which returns on top of 700 kilometers of public fiber.  Enable us to monitor water management and mobility and transportation and lifting to make it more sustainable and efficient, fight climate change because we can see how much CO2 emission we consume.

So maybe we are moving from like regulating with data to making effective public policies with data that can really serve the interests of citizens.  So with a decode project we enable citizens to censor their data.  To measure CO2 pollution or noise but they could share this data securely and decide with whom they want to share this data.  Maybe they want to share data with city hall or with their community, but they don't want this data to end up with advertisers or with an insurance company.  This enabled data sharing at large scale but also protecting the fundamental rights of citizens.  It can be implemented.  Regulating data access and imposing data sharing mandates for over the top players.  Interested to see where the French law will go because this enables better regulation but also better competition.  And this will also promote the sharing of anonymized data and algorithms so that cities can create open and shared services with that data.  That can be used by European SMEs, public administrations and non‑profits.

Now in my role with United Nations UN Habitat, our program where we are trying to pilot a new framework program to promote Smart Cities and inclusive digital cities around the world we can take principles of the city's coalition for digital rights that support the fundamental rights of citizens right to privacy, information, self‑determination to anonymity but also large scale sharing of data for public purpose.  We could scale it and prototype it so that it can work for all citizens and so that digitalization becomes really a core of future public policies.  And I think just my last remark would be that public contracting rules reform could really facilitate to introduce some of these changes in public procurement processes and enabling, create capacity building also for the public sector workers because, of course, any digital transformation it is not about technology.  It is about cultural change.  It is about capacity building and organizational transformation.

So obviously we are going to have to invest a lot in education and understanding how different approaches can work for the money.  So we have digitalization that serves the purpose of improving cities and creating better services and improving the lives of citizens.  Thank you.


>> MODERATOR:  Thanks a lot, Francesca, for the concrete and principle ways for the presentation.  Now the floor is yours for any questions you have.  We will take ten minutes for the questions.  And then I will make a short wrap‑up and conclusion.

>> AUDIENCE:  Thanks for those insights.  Would you please like to elaborate a bit how we can transform that at a European level and how that complies with GDPR and what could be changed in the next GDPR revision to foster this change in this public direction?  Thanks.

>> MODERATOR:  Okay.  We will take just a few questions and then we will answer.  Other questions?  Yes.

>> AUDIENCE:  Thank you.  My question is more for regulators.  My name is Lucas.  I am working with a social business working in 30 countries with mobile telecom operators mostly in Africa and Asia.  What is an E1 and Serb and how is the technology working?

So the question is for you what do you think is needed to enable regulators not only in France, but in Developing Countries where a lot of data mining is going on right now to actually live up to that standard and live up to that vision that you both had shared.  And to eventually turn data in to a public good and not a near colonial commodity.

>> MODERATOR:  Okay.  And third question?

>> AUDIENCE:  Yes, hello.  I have a question for Francesca and also for the regulator, regarding transport operator data.  So I understand that you would impose regulating such data by private transport operator because they are operating in the city which is like the common shared space.  How do you deal with the arguments of the private operators?  What is the incentive?  Are there economic incentives or any other forms of way to convince that data sharing is good for everyone in the city?  Thanks.

>> MODERATOR:  Okay.  So maybe Francesca and then Cherif and Sebastien.

>> FRANCESCA BRIA:  Yes.  So the first one about the European approach and GDPR, so I really believe that the question around GDPR is enforcing GDPR in an effective way.  It is a huge step forward to understand, you know, our rights to data and people as rights in the digital society.  The problem is how are we implementing it.  So projects like decode, create infrastructures that are able to enforce the GDPR.  So we are working with creating this centralized privacy announcing and cryptographic technology that enables citizens to exercise their rights in the digital world.  These tools need to be created.  This is part of investment which I think it has to be public investment but also private investment in to this next generation technologies that are going to be privacy announcing and rights preserving.  And the European Commission is presenting here the next generation Internet program that goes in that direction.  And there are a lot of initiatives and talent in building blockchains that could be used for the purpose of creating more rights.

So to answer it to you I think scaling what cities are already demonstrating and testing at a European level but understanding that this data sovereignty cannot be just one centralized Big Data lake governed by the states.  I mean this has to be people first.  It has to empower citizens.  And it has to decentralize the data economy to create more opportunity and to protect citizen rights.

Now the approach that could be scaled prototype around the world where cities are very, very important.  Then to the transport question, this is very interesting.  So I think now here we have to experiment with many different things because nobody knows what will work and what doesn't work.  So again I think experimentation is a good way forward.

So the approach of Barcelona up to now has been working a lot with public procurement and I think it is very effective, but it doesn't cover the entire issues.  So public procurement, you know how much Government spends in public procurement, a lot.  It is a big majority of how we spend our budget.  If you start implementing those rules in the public procurement process it aligns a lot of operators.  And then you start internally to the public operators as the French regulator is doing to basically see how they can share data and data interoperability and data portability and giving back the data so it becomes a public infrastructure.  I mean as an effect of this policy Barcelona now sa a team data office with 40 people and, you know, they are working on machine learning, Artificial Intelligence to use data for better policies and services.  I think it is working very well.

One quick point, I think a big challenge for cities is using data for regulating platform.  This should be at the national or European level.  The cities have been the ones most impacted by the platform economy.  Urban and Airbnb had a massive impact on affordable housing but also on transportation of the main cities of the world.  What cities have done, they joined forces.  Barcelona is promoting the sharing cities coalition which has been discussed at the Smart City expo this month and are sharing approaches of how to deal with this.  If we can't access the data of the platform we cannot regulate.  It is important to see what's in and what's out.  Because how can you do meaningful regulation and meaningful policies if you don't know what the problem is.  So it is a matter of understanding and, you know, the access to data I think it can favor much better policies and better regulations.

>> MODERATOR:  Thanks a lot.  Sebastien and Cherif, do you want to add a few points?

>> CHERIF DIALLO:  Thank you.  I want to add one point for regulation for Developing Countries.  I would like to say that for Developing Countries there is a need of international cooperation also because many companies from Europe or America are manipulating data from other countries without regulatory framework or ethical point to take in to account.  So in this way I think the African union organization could help to raise this question and to have a good cooperation with European countries and the Council of Europe.  Thank you.

>> MODERATOR:  Okay.

>> Yes, I fully agree.  And regarding the question of empowering the regulators of Developing Countries, so we are ‑‑ we have a network of French speaking regulators.  The name of the network is Fratel.  So we have a website.  And we have issued ‑‑ so I was the Chairman of this network this year.  And we have issued a complete report about how to use the data as a telecom regulator.  Today what we see in Developing Countries is that actually regulators have very extensive access to data of the operators.  But often they are not publishing it in a way that is ‑‑ that makes sense for people.  So they are publishing it to make simple Excel sheets, whether it would make sense to publish maps.  We are providing tools to accompany our colleagues.  And we are in discussion with the French development bank and also the World Bank about making this information more available and to accompany interested parties.  But yes, that is an important topic.  And I'm happy to have any partners interested in this room to continue to spread these good practices.

And regarding the question of what is the interest of private companies to share data.  If they are interested to share data, maybe it is not the most interesting data.  So I think ‑‑ yeah.  So I think you need a regulator in the room and you need to mandate the data sharing.  That's where I see a compliment approach between municipalities and regulators.  They need the data but they don't have necessarily the legal regime to access to the data.  So maybe having a regulator that can be used let's say by the municipality to access to the data of the private company, maybe it is the good complimentary action, but clearly we are talking about regulation and mandating access to the data.

>> MODERATOR:  Okay.  Thanks a lot.  I will have to conclude.  It is important to make a synthesis about what all has been said.  We have seen as we could I guess a variety of goals who shows potential of data sharing.  It goes from preventing the spreading of epidemics from a new kind of data driven regulation.  So it has a lot of potential.  We have seen that the plurality of approaches, legal regulatory, contractual, technical, using hardware or software regulation, so there is also a variety of tools.  But there is potential but there is also challenges and risks to achieve data sharing.  You have ‑‑ you need to have a strategy, a clear strategy.  There are costs for ‑‑ and kind of reluctance from the private companies apart from legitimate interest to data sharing.  So you have to overcome.  And there are risks, of course, especially about sensitive data and respecting privacy.  So we have explored a few propositions.

So there is, of course, the need to eat the elephant piece by piece.  And that means also to experiment advancing step by step.  The need in Governments to get multi‑stakeholder's approach.  It is not only the state.  There is complementarity between the state and cities and the citizens.  We have the power about how this data is shared.  And it is important to implement this privacy by design in the technologies used.  And we also explored a few tools, leverage.  So like a public procurement which can be very powerful to influence the data showing.  And also as regulation who can change the ways the competition is going on.  So this is a very quick synthesis.  But I hope it gives everyone a wish to go and work about this important issue.  Thanks everyone.