Data governance remains a difficult concept to unpack even as efforts to understand what good data governance looks like have recently multiplied across the world. The Centre for the Study of the Economies of Africa (CSEA) is leading a number of research activities aimed at clarifying what data governance means for the continent and what should be done to set up governance frameworks in African countries. These include a recent event on African data governance (recording available here), a project and subsequent report on Strengthening Data Governance in Africa, and the African Digital Preparedness dashboard.

The Data Values Project spoke with CSEA Director of Research Dr. Adedeji Adeniran to learn about the current state of thinking on this topic and research priorities and needs for the coming years:

Data governance is a broad concept. What's your working definition of governance?

In the context of CSEA’s work, we define data governance as a set of rules, laws, and strategies used by governments and private organizations to manage, share, and analyze data. This concept also encompasses the ecosystem of players and relations that are built around data, especially those generated by new technologies. Technological innovations produce vast amounts of data and generate significant aspirations in terms of digitalization across the continent. The purpose of data governance is to make sure that these aspirations are effectively channeled and to stay away from two possible extreme scenarios: one in which the private sector has the free rein to do what it wants with these new technologies and another in which governments over-constrain innovation by means of regulations. 

Why has CSEA focused on data governance as a primary area of research?

It is precisely the need to find the middle ground between the two extreme scenarios I mentioned which is the impulse for all these activities. Further discussions on data governance are needed in Africa to find our pathway. Our continent is characterized by weak governance and institutions which allow private companies and platforms to enter the market and reap the benefits of the data economy while facing few constraints. However, these institutional challenges make Africa quite vulnerable to threats linked to digitalization and also lead to violations of rights and negative externalities which would not so easily appear in other geographies. 

If we do not start talking to private players now, they will gain too much power and influence, and it will be too late to counter possible negative consequences of their operations. At the same time, Africa has a lot of potential when it comes to the expansion of the data economy, and we want our continent to benefit from the rapid digitalization currently occurring. This means that we should not fall into the other extreme and overregulate companies which will then be pushed away and not encouraged to come into our markets. Data governance must be able to establish some rules of the game, to avoid negative externalities linked to data exploitation while at the same time enabling benefits to emerge for citizens and economic players. 

In this respect, what we have learned from the European experience on data governance is that, to establish suitable rules for the game, you must be sitting at the right table. The European Union is trying to regulate companies which are mostly based in the United States and struggling to do so because decision-makers do not sit at the same table as these large platforms and Europe does not have the right software champions to join the debate. We must learn from this experience and make sure we create a seat at the right table when it comes to establishing data governance rules.

CSEA’s African Digital Preparedness dashboard shows significant differences among African countries in data governance laws and frameworks. What are some lessons from national experiences in African countries and what can the world learn from them?

There are several lessons that can be drawn from the data collection and analysis we performed for the African Digital Preparedness webpage. Maybe the most important is that establishing good data governance frameworks is not a prerogative of the biggest countries. As our analysis shows, countries such as Mauritius, which are among the smallest of the continent, have set up better data governance frameworks than many larger countries. In this domain, it seems that the size of the country really does not affect the quality of the rules adopted.

A second key takeaway concerns the explanation of differences between countries. Our analysis suggests that the main driver of country differences in terms of rules lies in their human resource capacity. To establish good data governance frameworks you need human and social capital. This is because you need rule-makers who understand technological development to be able to adopt rules that steer and don’t prevent innovation. Human capacity is distributed unequally across Africa, which leads me to a third lesson.

Besides the growing Global North-South divide, we are also witnessing increasing inequalities across African countries. Only a few of them are truly benefiting from the rapid development of the data economy although a vast majority of countries are experiencing sustained economic growth. This considerable gap and these differences across countries also reflect a disconnect between national priorities and regional priorities. To ensure that the data economy benefits us all, we need to strengthen our African approach from a regional perspective and to act as one on the international scene. In the context of the data revolution and to grow the data economy further, Africa needs the world, but the world also needs Africa. 

What are the most important emerging trade-offs in data governance (i.e. between allowing unrestricted data flows and ensuring citizens’ data are not misused by corporations) and how can we tackle them? 

I believe that there are two major trade-offs which deserve our attention at this stage. One concerns the balance of power between the public and the private sectors. There is a fine line between giving free rein to private sector players and empowering the public sector to overregulate the economy. I am not entirely sure that we want to replace private sector failures with public sector failures. Recent examples of state intervention from different African countries show that governments might be tempted to impose unnecessary and anti-democratic (although often temporary) restrictions on the data economy (i.e. the recent Twitter ban in Nigeria or the limits on Facebook and Twitter in Uganda before the elections). Taking this into account, we should be careful about what we ask for from governments, and we should not empower governments to make bad decisions on data governance.

A second important trade-off relates to the debate between data localization and data protection. The option of relying on data localization rules as a form of data protectionism to allow the emergence of a local data economy should not be blindly followed. Africa is not Europe and formulas imported from other continents might not work well here. We need to find a good balance between enabling data flows and protecting citizens’ rights. This is particularly important as we know that the development of AI systems requires vast amounts of data which begs for cross border data sharing. One way of solving this trade-off is through a differentiation of types of data depending on their sensitivity: cross-border flows of health or financial data might need specific rules in terms of privacy which might not be needed for less sensitive data. 

Ultimately, succeeding in establishing the right data governance in Africa requires nailing down which roles the public and the private sector must play in setting up an adequate framework for the data economy.