Month: June 2022

Weeknotes – June 24th 2022

[Cross-posted from Connected by Data blog]

There are a couple of themes that have run through this week that I’ve been trying to reflect on for this week’s weeknotes. The first of those is around the role of narratives and imagination, and the second, on approaches to legislating around data protection and sharing.

Narratives and imagination

Over the last few weeks I’ve been reading Ari Ezra Waldman’s Industry Unbound which provides an account of how even strong privacy advocates within the technology industry become co-opted into serving the goals of data-hungry corporations. This occurs through the reframing of privacy in terms of security, and the articulation of compliance regimes that sidestep substantive privacy issues and instead cast privacy narrowly in terms of transparency/notice and consent. Ari’s account argues that the policy space for thinking about meaningful privacy practice has been intentionally eroded by corporate lobbying, and space for meaningful privacy action within firms has been shut-down by bureacratic organisational practice that means privacy practitioners inside firms are excluded from design decision-making, or downplay concerns to avoid being cut-out of future discussions.

In the context of Data Reform Bill proposals to reduce the independence (or even existence) of Data Protection Officers, and shift towards a more US framework of organisational ‘privacy programmes’, Industry Unbound feels like essential reading. I’m not all the way through yet, but I’m already taking away a deeper appreciation of the hard work we have ahead to make sure any policy proposals Connected by Data may bring forward are, as far as possible, designed with potential patterns of corporate resistance in mind, and shaped to try and protect against the risk of they are simply translated in compliance checkboxes with their force ultimately blunted.

This has got me thinking more about the importance of Connected by Data work on developing and embedding narratives that tap into a broader view of both what we mean by protecting data, and what we mean by data sharing. It’s not enough to have policies that provide the ‘letter of’ participatory data governance, if we’ve not also secured engagement with the ‘spirit’ of the proposals too.

Right now, this feels like quite an uphill task. I was struck in the Living with Data panel I attended at the Data Power conference how difficult it appeared to be for people to imagine collective control over data, and indeed, in many cases, to imagine control over data at all outside of straight resistance to data collection. In a week when the MyData 2022 conference has been talking place in Helsinki, essentially doubling-down on models of individual data sovereighty that do little to disrupt narrow data discourses, we’ve been spending some time, led by Jonathan, on the Connected by Data brand narrative. Central to this is working out how to bring the problems of current data practice more clearly into view, and thinking about ways to support clearer collective imagination about the ways community-centred data governance could transform things.

On my ToDo list for the coming weeks is to work on a blog post on ‘Questions to ask about data governance?’ to try and capture some critical tools to bring into relief the problems with the status quo (reliance on notice and consent; narrowing of both privacy and data sharing concepts; failures of transparency etc.) as a first step to then supporting exploration of alternatives. I also found it useful in preparing for the Open Futures Salon on Thursday to look at the flow-chart of data governance processes they have set-out in their proposal for future Business to Government (B2G) data sharing in Europe, and to reflect on the kinds of participatory governance that might be possible at each level.

I found the State of Open Data panel I chaired on Wednesday was also a powerful reminder of the importance of ‘re-imagination’. Where I had anticipated that our discussions might get drawn into a focus on the deficits around open data and AI, the inputs from Reneta Avilla, Jeni Tennison and Feng Gao all offered a number of points of hope around building more inclusive data futures, putting particularly emphasis on cultures of openness, and the power of openness to support collaborative and imaginative problem solving. Rather than presenting a case to ‘go back’ to the open data of old, they each offered a view of an open data landscape which has become more nuanced, and that has, in practice, adapted to a much more complex landscape of data access and use, even while overarching narratives around an open binary, and open licenses, have not been wholly updated – at least at the global level. From this point, the session started to sketch out a way forward, building on the collaborative potential of open data: something also picked up in a blog post from Leigh Dodds this week. Reflecting on this session makes me reflect on how to make sure the Connected by Data narrative is about the future of data governance, not about recapturing a lost (and fictional) past.

Legislating lists or processes

I noticed an interesting resonnance between the two bits of proposed legislation I’ve had on my radar this week. Both the EU Data Act, and the update on government proposals for the Data Reform Bill, get into the question of listing particular categories of data that might be covered by B2G data sharing, and use by firms without needing to carry out legitimate interest balancing tests, respectively. And in both cases, the process of creating such lists to ‘bake into’ legislation is problematic. Either, legislation is inflexible, or, if mechanisms are put in place (as proposed around the Data Reform Bill) for secondary legislation to add categories, then there are significant concerns about not having adequate scrutiny of new categories, and risks that corporate lobbying will be able to extend or limit data sharing and processing.

In general then, there may be case to be developed for setting out the robust participatory processes that can sit in the place of legislated lists, or at least, that can be embedded as part of the way in which lists may be extended (or indeed curtailed). I’ve more to explore on whether there is precendent in the governance innovation space for this kind of approach (ping me if you’ve got experience here and would be up for a chat!), and to work out some ideas more concretely – but it seems we should be making the case that legislation that embeds space for dialogue and participatory decision making is more likely to be able to cope with the pace of technological change, than legislation that tries, a priori, to identify all the boundaries between frictionless or barrier-encountering data use and sharing.

Other things

  • I had a catch up with Michael Canare’s, where we talked a little about the Data Empowerment framework – which is something I need to dig into a bit more, particularly to explore the interaction of individual and collective empowerment around data.
  • After almost two months not touching a line of code, I worked up some Google Apps Script to get project-classified data from our accounting tool, FreeAgent, into a Google Spreadsheet to help with our financial tracking and reporting. Still some tidying up to do, and then I’ll try and share a version.
  • As of yet, I’ve not had any responses to the e-mails I sent last week to ask for details of company balancing tests.

Next week I’m off to Amsterdam (Monday) and Utrecht (Tuesday) for a bit of freelance work supporting Land Portal with their data strategy – but, on the off-chance, I should have a bit of time free both days if any Netherlands-based collective data governance folk fancy catching up for a chat. Let me know!.

Weeknotes – 17th June 2022

[Cross-posted from Connected by Data blog]

It’s been a week of planning & strategising, in-between two conference and panel-heavy weeks last week and next. On that note, do join me for the State of Open Data panel on AI next Wednesday (1pm BST), and at Open Future’s first salon looking at Business to Government Data Sharing on Thursday. Plus, I’m hoping to make it along to some of the online components of the Data Power conference.

Iterating on the case database

It looks like we’re getting into a good pattern of Monday and Wednesday team meetings, which offers a mix of focus on what we need to deliver (Monday meetings with a work planning spreadsheet) and a space to reflect on what we’re learning through the week (Wednesday meetings, where I experimented this week with bringing a sketch of the case database development for team feedback).

I’ve been getting a bit stuck with working out how to move forward the work I’ve been doing to build a dataset of cases of participatory data governance, particularly working out how to align this with our wider advocacy and practice work. So, picking up on the suggestion that it is sometimes easier to brainstorm in slides than in a prose document, I pulled together a short deck outlining where I’ve got to, and providing some rough mock ups of possible ways to expose the case study research on the Connected by Data website.

Mock up image containing the text: Hundreds of organisations have already been engaging communities in data governance > Explore case studies. Freom public dialogues to citizens panels, tried and tested models exist that can put collective data governance into practice > Explore methods. You don't need to go it along > Connect with othe practitioners. For participation to build trust in data governance, it needs the right fit > Find the approact that will work for you.

Caption: Rough mock up of Connected by Data website with four ‘calls to action’ that build on the case database work.

Feedback from Jeni and Jonathan pointed to a number of useful areas to explore more, including thinking about how far we editorialise cases to highlight our opinions on what best practice is, how we might work with partners to provide a long-term home to any case and method library resource we create, and how, when allowing users to browse by methods, we clearly communicate that effective participatory governance often requires a mix of methods.

In the deck I shared a few experiments that try and get at this latter point – visually presenting the ‘structure’ of the different cases I’ve surveyed to highlight that they involve multiple related components. I had initially thought that it might be possible to generate a ‘graph’ of relationships between components, but experimenting with mermaid.js graphs (And its nifty text to graph syntax) quickly revealed that it was going to be tricky to generate elegant presentations this way. Instead, I turned to a more linear approach to showing the structure of an example case, using icons from the noun project to start to pull out relevant facts about each component of a participatory data governance case, such as whether engagement activities are one-off, repeated, or ongoing, and whether they involved a single group over time, or multiple groups.

Image showing network graph, and linear graph, of case components: Rapid review; Dialogues (weighted sample), participant led research, specificailly impacts group sessions, and analysis and report.

I’m going to do some work in the coming weeks to explore engaging with a designer on a next iteration of this, helping to firm up some of the key concepts we want to communicate about getting the practice of participatory governance right.

Sector selection

As Jeni has explored in her weeknotes, we spent some time this week looking at selecting a small number of sectors in which to focus our work over the next year, settling on a shortlist of debt, education and housing. I’ve started writing up a scoping document for our sectoral focus on Debt, (incorporating consumer finance and gambling) to sketch out some of the key data governance issues, key stakeholders, and potential policy influence opportunities related to data governance. At this stage, the focus is on rapid research to validate whether or not this should be a focus sector for us, and to develop our shared understanding of the scope of the sector.

Campaign strategy

I also spent a bit of time this week talking with Jonathan about our next steps of campaign planning, and how to facilitate our next stage of work on the Data Rights Bill. More on that in the coming weeks.

Other notes

Workshop on Governing Knowledge Commmons

On Monday I dropped into an online session of the Workshop on Governing Knowledge Commons set-up for discussions of ‘half baked research ideas’ linked to smart cities and knowledge commons. There were a couple of really useful insights from the discussions, including tips from Brett Fischman on making sense of complex phenomena (like adoption of smart city technology, or, indeed, collective governance of data) through analysing in different action arenas from Macro (i.e. how is the city as a whole adopting a collective approach to data governance?), to Meso (how is work in the housing sector in the city adopting collective data governance?), to Micro (how is a particular project making use of a collective approach to data governance?).

Katherine Strandberg pointed to the particular features of the Governing Knowledge Commons (GKC) framework, as opposed to Ostrom’s commons governance work, in dealing with the fact that “knowledge commons are especially likely to have impact (positive or negative) beyond the community obviously involved in creating the knowledge”, such as in cases of patients involved in rare disease research.

In response to some of my musing on how we can use our Connected by Data case research to understand the kinds of governance appropriate to different situations, Brett offered the concept of externalities as one tool to use. Depending on the data and context in play, there may be different positive or negative externalities from data collection and use to worry about, and different kinds of governance institutions may be more or less effective at managing these.

Indigenous Data Sovereignty

Thanks to Jeff Doctor for sparing the time to chat through some of the ways Indigenous tech firm Animikii are thinking about data governance, and about some of the data (and wider) issues facing Indigenous communities. We touched on the challenge of identifying the legitimate collectives that have a role in governing data, particularly in cases where the claim of states to jurisdiction over territory and peoples remains contested, and the need to recognise the ongoing struggle that many Indigenous people face to find security, and to avoid being criminalised or marginalised through data-driven forms of surveillance and control. This brings into relief some of the challenge of designing participatory data governance approaches that engage those most affected by data use, whilst respecting that the point at which individuals and communities most experience data-based harms may be the point at which they have least capacity to engage in wider governance debates.

It was also insightful, amidst the talk that sometimes comes up around the Datasphere initiative of navigating data governance in a post-Westphalian order, to be reminded of the many Indigenous nation’s claims on land, that have long challenged the settled international boundaries taken for granted in so much work. Jeff pointed me in particular to the Land Rights statement of The Council of Chiefs of the Haudenosaunee, making a connection between data rights and land rights.

RightsCon

Building on last week’s weeknotes, I added a few bits into our write up of RightsCon which you can find here.

Visualising processes

On Wednesday I had a catch up with Mel Flanagan of Nook Studios, whose work seeks to make complex processes much more accessible through careful information design. Mel shared updates on the work they have been doing to join the dots between different open government initiatives and data silos, but we also talked briefly about ways the process-visualisations developed for this could be applied in data governance dialogue processes.

Legitimate interests research

Lastly, I ended the week by firing off a few ‘test requests’ for Legitimate Interest balancing tests from a selection of companies whose privacy policies invite users to request these.

Using the Princeton-Leuven Longitudinal Privacy Policy Dataset I’ve searched for “balancing test” and then identified a number of large websites that have text in their current privacy policies to the effect that: they process certain data on the basis of legitimate interests; they have carried out balancing tests; these balancing tests can be requested by emailing them.

Conscious of the controversy from the Princeton-Radboud Study on Privacy Law Implementation which sent simulated messages to request GDPR related implementation information to a large number of websites, triggering significant work by in-house legal teams, I’ve taken care to clearly identify in the outgoing messages that this is part of Connected by Data research work, and is not strictly a customer request, so I will be interested to see what replies, if any, we get.

This will help shape any future research work into how balancing tests are currently used, particularly relevant with the upcoming details of the Data Reform Bill.

(Mid-)weeknotes – 1st June 2022

[Cross-posted from Connected by Data blog]

These weeknotes are falling a little late, but as the Jubilee double bank holiday in the UK means it’s now a really short-week, I’ll cover two weeks for the price of one, while trying to focus in on just a few themes from the last 12 days of CONNECTED BY DATA work.

Narrative, Policy & Practice

A big focus of last week was our first team day. Besides being fantastic to properly meet my new colleague Jonathan, and have the day working face-to-face with Jeni and Jonathan, we were able to take a deep-dive into some of our Theory of Change, and to think about what it means to frame CONNECTED BY DATA as a campaign.

One of the key insights for me from the day was to more clearly articulate our position as a ‘bridge’. It’s not that there is a shortage of great thinking and experimentation out there about taking more collective approaches to data governance, nor that there is an absence of policy appetite for addressing data governance challenges. The gap to be addressed is arguably around testing, translating and communicating how data can be done differently. As Jeni has explored in her weeknotes, this involves being able to better articulate both the manifest harms from current data practices, and less tangible impacts that come from the data traces of our lives being treated as a natural resource for commercial exploitation.

I have the feeling that focussing on this bridging role will be really important to scope our future research work, and identify the kinds of activities that fit well within CONNECTED BY DATA , and those that we might support and work on with partners, but not directly lead on.

Framing governance & decision making

In a couple of conversations in the last two weeks, including a research design session with the team at Research ICT Africa, I’ve been feeling the need for a clearer conceptual map of where data governance decisions are made. In short, I’m looking to have a clearer articulation of the activities that data governance addresses (data collection, design, analysis, use, sharing, etc.), and the particular tools of governance, such as setting principles and policies, operational decision making, oversight, scrutiny and evaluation.

In thinking about what it means to make decisions more participatory, I’ve spent a bit of time looking back over my past work on youth participation: in particular a 2008 Open University Study Guide that accompanied a chapter in Leading Work with Young People. One of the study activities we included there was to ask youth workers to document every decision made as part of a recent event or session, and then to work out which were the decisions that mattered. The point was to emphasise that empowerment does not come from simply sharing every decision: but involves working out which decisions need to be shared, and what kind of participatory process there needs to be around them.

I was also struck reading Katya Abazajian’s critique of the use of Open 311 data (which, incidentally, hints at many broader issues of collective data governance) by the discussion of how the way questions are framed significantly shapes the outcomes.

We also touched on this point a little at our team day when Aidan Peppin from the Ada Lovelace Institute joined and shared insights from the public dialogues and citizen’s juries that he has been involved in. While some dialogues have led to participants adopting quite collective language for thinking about their _data, others have taken a more individualistic tone. As Jonathan has explored, some of this seems to be to do with how people feel about the _institutions behind the data. It also appears related to the framing of the subject matter being considered (health data vs. location data for example). However, I’m curious as to whether there are particular ways to sensitively offer collective language into public dialogues on data.

I had a go at thinking about this in providing some asynchronous feedback into the stakeholder group for a Data Stewardship Dialogue being run by the Open Data Institute for the NHS AI Lab, where I tried to draw out the distinction between ‘collective decision making’, in terms of decisions made by a group (but where participants may still be making their decisions based on individualism and self-interest, and the outcome might be based on simple majority voting for example), and ‘decision making for collective benefit’, where the process encourages greater thinking about our interdependence.

Building on all of this, in the next few weeks I’ll be seeking out, or sketching out, some sort of small methodological tools that might help with better mapping out and describing the detail of data governance decision making, to sharpen up how we both research existing practice, and how we frame our vision of what future policy and practice should be.

Other things

  • I was left scrambling a bit on Tuesday when my main work computer, just about to be used to webcast a community meeting hosted at the lovely Stroud Brewery, had a run-in with a pint of ale. It’s at the repair shop hopefully drying out – but thank goodness for backups (apart, frustratingly, for five hours worth of data governance literature review write-up).
  • I’ve submitted our proposal for a session on Collective Data Governance at the Internet Governance Forum (thanks to everyone who contributed!), and have been in conversations about a few other convening opportunities around research and policy, including chats with Christian Perone from ITS Rio, and Preeti Raghunath from Monash University.
  • It was great to connect with other Datasphere Initiative fellows for our monthly meeting on Friday – where we were also hearing from Martin Pompéry of SINE Foundation on some of their work deploying both technical and organisational approaches to govern data sharing for carbon emission reporting across supply chains.
  • I’ve been listening to this interview between Divya Siddarth and Douglas Rushkoff on Team Human, which offers some great insights into how tech communities are drawing on concepts of co-ops, commons and the pluriverse, including weaving it into the Declaration on the Interdependence of Cyberspace.
  • I’m looking forward to being a delegate at RightsCon next week, and have been starting to put together a list of sessions to tune into over the week, as well as planning to keep my diary a bit more open for ad-hoc remote-conferencing connections.