The absence of clear laws or regulations to govern data sharing can pose challenges, too, including making partners averse to data sharing. Regulatory uncertainty may result in hesitation to enter a partnership for fear of incurring penalties. A complex policy landscape may cause potential partners to be confused about the legality and extent of permissible sharing and therefore reluctant to form partnerships. Studies indicate that clarity in data regulations, an enabling data-sharing environment, including data sharing strategies and the promotion of cross-border data collaborations by governments, can foster innovation in data sharing.
In this context, initiatives must take stock of the existing landscape, identify gaps, and seek to develop policies and frameworks for data governance within the partnership that build trust among data sharing partners and minimize the risks inherent to a variable or uncertain policy landscape.
InBloom was an ambitious data-sharing partnership that shut down in 2014, less than a year after its launch, following a public outcry from parents concerned about the privacy of their children’s data.
The project, which was primarily funded through the Bill and Melinda Gates Foundation, sought to collect and aggregate a broad spectrum of data from various U.S. schools across multiple states. It aimed to collect, store, clean, and aggregate student information to further share the data with third parties for developing learning tools to assist classroom educators.
But gaps in a nationwide framework for student data privacy and rising distrust of companies’ and governments’ uses of personal data led to the demise of InBloom. Outdated regulations did not address key privacy issues around consent and security and lacked a meaningful enforcement remedy. As a result, when data of millions of students was shared without their consent, parents did not have the adequate recourse that an effective regulatory structure could have granted.
The actions of InBloom were not illegal, but they existed in a regulatory vacuum. The failure of the initiative catalyzed conversations around student data privacy that resulted in new student data privacy regulations.
In response to legislation in a country that is pending or unclear, partnerships can set up policies and build internal guidelines that are responsive to new or potential changes in legislation. Data governance-related policies are evolving as digital technology advances, whether a partnership anticipates the changes or not. Even when data laws are relatively well-established, as in the case of GDPR in the EU, new rules, policies and legislation are rapidly being developed. So maintaining flexibility is key. It’s not enough to have a well-stocked kitchen at the start: An initiative will need new tools, equipment, or processes to adapt recipes as policy landscapes evolve.
Anticipating these changes in context as well as potential conflicts in existing partnerships can help prevent disruptions in data sharing. For example, a pending or proposed national law that prohibits storing data of citizens outside of a country’s borders should prompt conversations within a data partnership about the risks and benefits of data storage options. In case this type of flexibility results in increased costs, what use cases might be necessary to develop as value propositions change?
Identifying the project’s connection to national ministries, including data protection agencies, as well as subject-specific ministries, such as agriculture or Information and Communication Technology (ICT), is key as is understanding active data-sharing relationships among existing partners. These connections greatly impact a project’s approach.
One approach to testing a proposal or governance framework for a data sharing partnership is using regulatory sandboxes, which the Datasphere Initiative describes as “collaborative environments that test innovative technologies and data practices against regulatory frameworks.” Sandboxes facilitate multi-stakeholder engagement around solving tough problems with data. The Datasphere Initiative’s Global Sandboxes Forum aims to convene a global cross-section of stakeholders, helping them build focused and constrained environments to test out innovative data-focused solutions in the context of existing multi-level legislation, policy, and processes. Sandboxes help build trust among actors from diverse sectors where levels of collaboration have been traditionally low. Starting with small-scale collaborations in a testing environment allows partners to trouble-shoot policy and regulatory issues that can create hiccups in data sharing and building trust.