Wednesday, 30th November, 2022 (12:35 UTC) - Wednesday, 30th November, 2022 (14:05 UTC)
About this Session

Data is a high-demand valuable "commodity" keenly garnered by businesses, governments, and other organizations. Individuals share their personal and health information in order to receive a service, complete a transaction, or participate in some social activity.  With the Internet, it is easy to capture, process, store, and share (transmit) this information, in a virtual borderless ecosystem.  We, however, live within territories with borders.  Many countries have introduced Data Privacy and Protection legislations and Regulations, but cross-border data transfers give rise to digital sovereignty and jurisdiction challenges that are compounded by the ability (or inability) to monitor compliance and carry out enforcement.  Additionally, technologies such as Artificial  Intelligence, Robotics, Augmented and Virtual Reality,  and micro-targeting walk the fine line between providing great user experience and economic opportunities (the good) and being invasive/intrusive and exploitative (the bad and the ugly).

 According to UNCTAD 2021, 72% of countries across the globe have legislation, 9% have draft legislation, 15% have no legislation and 5% have no data. Does the increased legislation translate to the achievement of the right to data privacy and data protection? There is a crucial need to evaluate the implementation of legal frameworks in the context of data governance and protecting privacy. Governance and Legal Frameworks must be devised not only for “within the borders” but also cross-borders.  This is critical for mitigating risk while meeting the 2030 Agenda Sustainable Development Goals.  It is imperative that personal data privacy, the protection of the right to privacy, human rights, and national security be preserved while optimizing the use of digital technologies.  The Internet must be a safe place for data and data sharing.

○ Theme 1: Technologies and the perspective of people and data: Privacy and protection, a multi-stakeholder perspective.
○ Theme 2: Data protection and privacy: What is being protected, people or data? Who is being protected – Big Business or Government or people? What is the outcome - the truth, the whole truth, and nothing but the truth.
○ Theme 3: Towards an understanding of data governance and protection of privacy in the digital age: a multi-stakeholder perspective. Do we have a collective understanding of data?
○ Theme 4: Cross border data flows: opportunities and threats in the midst of deriving value. What are the opportunities – advanced and new technologies for economic growth and people empowerment? What are the threats - human rights, national security, privacy?
○ Theme 5: Evaluation of the implementation of the data privacy legislation: successes and setbacks. Who’s really aware?

Facilitate dialog and insight on who and what is being protected while improving economies and lives – people or data or something else? A deep dive into what is “reality” and what is “on paper” as it pertains to the data ecosystem (people, regulatory frame, technologies, data in its many expressions).

Identify successes and setbacks with the aim of using lessons learned to build and improve. Develop a collective understanding of data privacy and protection that will enable better governance structures for data that will meaningfully protect persons while improving lives and economic growth.

Possible next steps:
- Principles and commitments on data protection and privacy to propose to the MAG for inclusion in its contributions to the GDC;
- Linkages between data protection, freedom of expression, and access to information;
- Research agenda to build evidence on the effectiveness of and gaps in data protection laws;
- Advocacy to build a coalition on data for sustainable development and peace

1. What are we aiming to protect, data or people?
2. At what point does inclusion start? What should be protected? When should protection start? Where does protection start?
3. How do we control what happens to data while deriving value?
4. How are the increased laws and regulations being implemented? Are countries complying? Is data privacy being achieved in these countries?

Goal 8: Promote sustained, inclusive, and sustainable economic growth, full and productive employment, and decent work for all
Goal 9: Build resilient infrastructure, promote sustainable industrialization, and foster innovation
Goal 11 Make cities and human settlements inclusive, safe, resilient, and sustainable
Goal 16 Peace, justice, and strong institutions

1. Pilar Fajarnes, Chief of the Digital Economy Policy Research Section at the E-commerce and Digital Economy Branch of the Division on Technology and Logistics (DTL) at the UN Conference on Trade and Development (UNCTAD). Lead author of the UNCTAD’s report/ lead author of the Digital Economy Report 2021. (https://unctad.org/webflyer/digital-economy-report-2021, download report from https://unctad.org/system/files/official-document/der2021_en.pdf)
2. Mr. ‘Gbenga Sesan, Executive Director, Paradigm Initiative (Nigeria)
3 Arturo Muente Kunigami, Modernization of the State Lead Specialist at Inter-American Development Bank
https://www.datasketch.co/bid/datos-personales-y-leyes/en/ https://www.linkedin.com/in/amuente/
4. Florian Marcus, Project Manager, Proud Engineers
5. Sheena Gimase Magenya, Women’s Rights Programme, Association for Progressive Communications (APC).
6. Langithemba Mazibu, Senior Manager for Information Technology Analysis. The Information Regulator- South Africa
7. (to be confirmed) Nathaniel Fick, United States · U.S. Ambassador at Large for Cyberspace & Digital Policy · U.S. Department of State
8. Peggy Hicks. director of the Thematic Engagement, Special Procedures and Right to Development Division of the UN Human Rights Office (OHCHR)

Carol Roach, Deputy Director, Department of Transformation and Digitization, Ministry of Economic Affairs, Government of The Bahamas

Peace Oliver Amuge, Executive Director at Women of Uganda Network
Governing Data and Protecting Privacy
Key Takeaways (* deadline 2 hours after session)

(1) Data is multidimensional and people are one of those dimensions. Taking a siloed and obscured line is unacceptable. A global balanced approach must be established to allow opportunities that free flow of data presents, while addressing the barriers and threats to people.

(2) Existing legislative frameworks are insufficient or non-existent in regionally and nationally. Legislations cannot speak to data rights without addressing human rights. The patchwork landscape of data governance and protection of privacy need to be more coherent on a global level. Concerted effort is needed to strengthen the institutions that implement and enforce governance and protection. Trust must be re-established.

Session Report (* deadline Monday 20 December) - click on the ? symbol for instructions

The Relationship between Governing Data and Protecting Privacy 

  • Message 1: Data flows are critical for international cooperation in many fields, such as scientific research, law enforcement, national security, and transportation. Sharing data on a global scale can help overcome shared challenges such as climate change or pandemics. 
  • Message 2: However, while promoting these data flows we must also protect people’s privacy. We must support both objectives simultaneously and they are not necessarily contradictory. Effective privacy protections do not have to impede cross-border data flows. Rather, privacy protections can contribute to a safer and more prosperous global digital economy. 
  • Message 3:  Data has a multidimensional character that needs to be reflected in policies and governance frameworks.  Data governance should take a balanced approach, allowing free flow while addressing barriers and threats.

Legislation (Realities versus On-Paper) 

  • Message 1: Existing legislations and frameworks at national, regional, and international levels are insufficient. Current legislative amendment processes are too slow, failing to keep up with the fast pace of various digital transformations. 
  • Message 2: Issues around data protection should not be treated in isolation. Data rights go hand in hand with many others, such as rights to equal treatment and non-discrimination and rights to health and education. If these other human rights are not respected then there is little hope that data rights will be. 
  • Message 3: Internet shutdowns are unacceptable. 
  • Message 4: The current data governance landscape is highly fragmented, a patchwork of national, regional, and international rules. As such, we need greater coherence on a global level. This is not to say that there should be only one rigid set of rules enforced on all by one body. Different contexts and challenges, different histories, cultures, legal traditions, and regulatory structures mean that there cannot be one size that fits all. Furthermore, different people will interpret, implement, and enforce the same (model)
    legislations in their own manner. However, as countries and regions develop their own tailored approaches to data governance there should be some level of consistency and interoperability to facilitate data flows and ensure that the playing field is equal.
  • Message 5: Trust is at the centre of data governance but how do bodies which have shown that they do not deserve our trust regain it, how do they regain legitimacy? 
  • Message 6: Data governance policies should be developed with input from the multistakeholder community which understands not only the abstract legal debates around privacy but also the real-world challenges of implementing effective data privacy solutions.

Implementation (Realities on the Ground) 

  • Message 1: There is much talk but little action. We need to make sure that those who sign agreements actually follow through. As we see more and more countries around the world adopting new or updated privacy legislation, the gap can grow between the rules on the books and practice. 
  • Message 2: The current convoluted language of data governance legislation is not accessible to most of the global population and impedes implementation. 
  • Message 3: There needs to be a more globally coordinated approach.  If countries cannot get beyond an obscure and silo approach to privacy and protection, trust will become more eroded.
  • Message 4: Institutions that regulate and enforce governance and privacy need true autonomy and strengthening.  Time and resources must be committed by all stakeholders.
  • Message 5:  There is a need to establish metrics for all aspects of data governance.  Public and Private Sectors can measure where they are at and act.