IGF 2019 WS #236 A universal data protection framework? How to make it work?

Organizer 1: Ying Tung, Mandy Chan, The University of Hong Kong
Organizer 2: Mingzhu Li, Hong Kong Shue Yan University
Organizer 3: Steven Chen, The Chinese University of Hong Kong
Organizer 4: Aidana Alken, The Hong Kong Polytechnic University
Organizer 5: JING HAN DONG,

Speaker 1: Arthur Gwagwa, Technical Community, African Group
Speaker 2: Jaewon Son, Civil Society, Asia-Pacific Group
Speaker 3: Peter Kimpian, Intergovernmental Organization, Western European and Others Group (WEOG)
Speaker 4: Lih Shiun Goh, Private Sector, Asia-Pacific Group

Policy Question(s): 

How to define “open data” so as to foster the development of sustainable digital economy and data governance of a country? (SDG 8, 11) How different governments can devolve more power to individuals when it comes to data protection, meanwhile ensuring the quality and accountability of the data? What kind of attitude the global policy community should hold towards the use of personal and open data in a cross-border context? What are the challenges and opportunities will bring when there are no standardized data protection framework that addresses the legitimate concerns of privacy ? How can businesses, governments, and transnational organizations employ and design a universal data protection framework to develop effective policy? (SDG 9, 10, 16, 17) What kind of consensus they should reach towards data protection? What are the implications of recent institutional regulations on data protection in the global south? How these institutional change affect the internet ecosystem in general? What challenges and opportunities will the data privacy regulations bring to the developing and developed countries? Is it possible to establish a global jurisdictions that settle disputes towards data governance? (SDG 9, 10, 16, 17)

Relevance to Theme: When Open Data Institute defines “open data”, it refers to the “data that anyone can access, use or share”. Some developing countries start to open their data to foster the economic development of the country and improve the living quality of the citizens, yet there are different layers behind the practices of open data governance. In the field of management, a clear definition of open data will help the decision-makers to identify what data are crucial to the sustainable economy growth of the country. What data should be released for use by the community, research, business and industry and how it should accelerated to derive new insights for more well-rounded public services and policy-making. The interplay between legal and policy framework under open data governance is fundamental, as it could complement, enable or limit the scope of open data. It takes the issues into not only a national level, but a global level that there are countless cross-border data flowing in the borderless cyberspace every second. While some countries adopt a protectionist perspective towards the domestic data, some other set up regulatory framework (eg. GDPR) to protect the data rights of individuals. Nevertheless, there are no existing universal guidelines for data governance that could indeed hinder the global engagement or commerce online, and most importantly, some countries may resort to follow the existing data regulatory model which in turn risk creating a more fragmented global geometry for commerce and information exchange. It will affect the flows of cross-boundary data and leads to isolation and siloing of data usage within a specific country. The issue is imminent and involves not only the governments and the global community but individuals. This workshop aims to explore and discuss the possibility of establishing a universal data protection framework by firstly examining the considerations and limitations of GDPR, and then discuss what kind of attitudes stakeholders should hold towards the universal data protection framework. Finally, a roundtable discussion will be held to further the discussion towards the consensus and possibilities of building up a universal data protection framework.

Relevance to Internet Governance: Data governance concerns an array of diverse and sensitive issues like protection of personal data, law enforcement and other security issues. Different governments have different models to steward their data, so as to foster better governance. This issues is interwoven with internet governance, since the internet is a vast network which is connected by standardized data communication protocols. On the surface, every issue seems to be simplified owing to the existence of common and unified adoption and use of protocols. Despite the fact that it makes the information and communication exchange becomes more compatible and interoperable, the issue indeed has become more complex especially when dealing with data privacy and protection. A vulnerable data management may result in data and privacy breaches which poses risk of crime, abuse, surveillance and social conflict at a domestic or even global level. The collection and use of network data, when not being properly regulated and stewarded, could put the cybersecurity at risk, hindering the proper functioning and use of the internet. Above scenarios demonstrate the importance of data governance in the use of internet, and thus highly relevant to internet governance. The other side of our policy questions focuses on practical mechanism in governing data. We seek for better understanding on the capability of developing countries in handling issues related to data governance and the impacts of doing so. Examining the different limitations and advantages that when regulating data privacy issue can give us insight in understanding the strengths of and the possible assistance needed for an effective stewardship in different countries. Learning about the differences and uniqueness between the global north and global south could help in constructing a universal framework that could facilitate international cooperation and meaningful participation among different countries, regardless of their developmental level, in global internet governance.


Round Table - Circle - 90 Min

Description: Agenda: Introduction - (5 mins) Our moderator will start this session with an introduction of different stakeholders in the formulation of data regulations and elaborate the agenda of the workshop. Speaker sharing - (5 mins) Our specific speaker, Péter Kimpián will share about the limitations and considerations of drafting GDPR, so that participants can understand how a universal public data protection framework can take references from this institutional change. Using popular case study as an example will help to focus the discussion on one particular issue. The outcomes of this discussion can be generalized later to make them applicable in similar cases in the future. Break-out sessions - (20 minis/ depends on the number of participants) Smaller break-out sessions with experts from different backgrounds will tackle the policy questions from different aspects. Participants will be able to focus on one specific topic. a) Main focus: What kind of attitudes the global policy community should hold towards the use of personal data in a cross-border context? Guiding question: What challenges and opportunities will the data privacy regulations bring to the developing and developed countries? b) Main focus: How can businesses, governments, and transnational organisations employ and design a universal data protection framework to develop effective policy? Guiding question: What kind of considerations they should reach towards data protection? c) Main focus: How these institutional change affect the internet ecosystem in general? guiding question: What are the implications of recent institutional regulations on data protection in the global south? break-out session a: Péter Kimpián & Deborah Elms break-out session b: Waldo Jaquith break-out session c (for remote participants only): Arthur Gwagwa & Ms. Jaewon Son Wrap-up for each session (10 minis) Our speakers will summarize the discussion in the group and share their opinions on the policy questions in the breakout session. We will then open up three questions from the on-site and online participants. Round-table discussion (40 minis). In the round-table discussion, we will break down the geographical limit and expand our question to global level “Is it possible to establish a global jurisdictions that settle disputes towards data governance?” Each speaker will deliver 3 minutes sharing first and then our microphone will open to the participants. We also open up the remote participants to comment and ask questions. Our on-site and online moderator will facilitate this session and may ask follow-up questions to encourage participants to interact. Conclusion (10 minis) Moderator will summarize the key takeaways from the discussions and our on-site moderator will link ideas back to the theme of opening up data. Speakers may add final remarks if they wish.

Expected Outcomes: This workshop will provide participants an overview of the data protection from domestic to a global level. With the specialisation of GDPR, it is aimed to investigate the current limitations and considerations of the transnational data protection law which hopes to shed light on the imminence of establishing a universal data protection framework. Another outcome will be to raise the awareness of the potentials and also danger the use of open data at national and global level. Through round-table discussion, it will offer chances to further discussion of the possibility of the framework and inspires the participants to reflect on the limitations and resources for a global jurisdiction in settling disputes towards data governance, and most importantly, to general novel ideas to foster the development of global data governance mechanism.

Onsite Moderator: 

Mingzhu Li, Civil Society, Asia-Pacific Group

Online Moderator: 

Ying Tung, Mandy Chan, Civil Society, Asia-Pacific Group


Aidana Alken, Civil Society, Asia-Pacific Group

Discussion Facilitation: 

The session organisers will be responsible for managing the length of each session in achieving a meaningful yet balanced discussion on issues revolving data governance. With the aim of exploring the possibility of establishing global jurisdictions that settle disputes towards data governance, the session organisers will facilitate the discussion by encouraging and bringing in novel questions and opinions from both onsite participants and online participants. Opportunities will be given to participants to share their thoughts on different dimensions of data governance with our professional speakers during the break-out sessions. During the round table discussion session, interactive online tools will be employed to engage participants. The round-table discussion is expected to enable interactions and exchange of views between participants with diverse backgrounds and speakers representing different stakeholders that could foster understanding of the present needs, existing limitations and potential resources for a global data governance mechanism.

Online Participation: 

By clicking on the link in any electronic agenda which will be published on the IGF website or the social networking sites, participants can be directed to the meeting room. If the speaker is a remote presenter, they can still access the the meeting room to present their ideas.

Proposed Additional Tools: One video presentation Social Media hashtag on Twitter Interactive voting website with smartphones during presentations (eg. Mentimeter)


GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals