[Cross-posted from Connected by Data blog]
There are a couple of themes that have run through this week that I’ve been trying to reflect on for this week’s weeknotes. The first of those is around the role of narratives and imagination, and the second, on approaches to legislating around data protection and sharing.
Narratives and imagination
Over the last few weeks I’ve been reading Ari Ezra Waldman’s Industry Unbound which provides an account of how even strong privacy advocates within the technology industry become co-opted into serving the goals of data-hungry corporations. This occurs through the reframing of privacy in terms of security, and the articulation of compliance regimes that sidestep substantive privacy issues and instead cast privacy narrowly in terms of transparency/notice and consent. Ari’s account argues that the policy space for thinking about meaningful privacy practice has been intentionally eroded by corporate lobbying, and space for meaningful privacy action within firms has been shut-down by bureacratic organisational practice that means privacy practitioners inside firms are excluded from design decision-making, or downplay concerns to avoid being cut-out of future discussions.
In the context of Data Reform Bill proposals to reduce the independence (or even existence) of Data Protection Officers, and shift towards a more US framework of organisational ‘privacy programmes’, Industry Unbound feels like essential reading. I’m not all the way through yet, but I’m already taking away a deeper appreciation of the hard work we have ahead to make sure any policy proposals Connected by Data may bring forward are, as far as possible, designed with potential patterns of corporate resistance in mind, and shaped to try and protect against the risk of they are simply translated in compliance checkboxes with their force ultimately blunted.
This has got me thinking more about the importance of Connected by Data work on developing and embedding narratives that tap into a broader view of both what we mean by protecting data, and what we mean by data sharing. It’s not enough to have policies that provide the ‘letter of’ participatory data governance, if we’ve not also secured engagement with the ‘spirit’ of the proposals too.
Right now, this feels like quite an uphill task. I was struck in the Living with Data panel I attended at the Data Power conference how difficult it appeared to be for people to imagine collective control over data, and indeed, in many cases, to imagine control over data at all outside of straight resistance to data collection. In a week when the MyData 2022 conference has been talking place in Helsinki, essentially doubling-down on models of individual data sovereighty that do little to disrupt narrow data discourses, we’ve been spending some time, led by Jonathan, on the Connected by Data brand narrative. Central to this is working out how to bring the problems of current data practice more clearly into view, and thinking about ways to support clearer collective imagination about the ways community-centred data governance could transform things.
On my ToDo list for the coming weeks is to work on a blog post on ‘Questions to ask about data governance?’ to try and capture some critical tools to bring into relief the problems with the status quo (reliance on notice and consent; narrowing of both privacy and data sharing concepts; failures of transparency etc.) as a first step to then supporting exploration of alternatives. I also found it useful in preparing for the Open Futures Salon on Thursday to look at the flow-chart of data governance processes they have set-out in their proposal for future Business to Government (B2G) data sharing in Europe, and to reflect on the kinds of participatory governance that might be possible at each level.
I found the State of Open Data panel I chaired on Wednesday was also a powerful reminder of the importance of ‘re-imagination’. Where I had anticipated that our discussions might get drawn into a focus on the deficits around open data and AI, the inputs from Reneta Avilla, Jeni Tennison and Feng Gao all offered a number of points of hope around building more inclusive data futures, putting particularly emphasis on cultures of openness, and the power of openness to support collaborative and imaginative problem solving. Rather than presenting a case to ‘go back’ to the open data of old, they each offered a view of an open data landscape which has become more nuanced, and that has, in practice, adapted to a much more complex landscape of data access and use, even while overarching narratives around an open binary, and open licenses, have not been wholly updated – at least at the global level. From this point, the session started to sketch out a way forward, building on the collaborative potential of open data: something also picked up in a blog post from Leigh Dodds this week. Reflecting on this session makes me reflect on how to make sure the Connected by Data narrative is about the future of data governance, not about recapturing a lost (and fictional) past.
Legislating lists or processes
I noticed an interesting resonnance between the two bits of proposed legislation I’ve had on my radar this week. Both the EU Data Act, and the update on government proposals for the Data Reform Bill, get into the question of listing particular categories of data that might be covered by B2G data sharing, and use by firms without needing to carry out legitimate interest balancing tests, respectively. And in both cases, the process of creating such lists to ‘bake into’ legislation is problematic. Either, legislation is inflexible, or, if mechanisms are put in place (as proposed around the Data Reform Bill) for secondary legislation to add categories, then there are significant concerns about not having adequate scrutiny of new categories, and risks that corporate lobbying will be able to extend or limit data sharing and processing.
In general then, there may be case to be developed for setting out the robust participatory processes that can sit in the place of legislated lists, or at least, that can be embedded as part of the way in which lists may be extended (or indeed curtailed). I’ve more to explore on whether there is precendent in the governance innovation space for this kind of approach (ping me if you’ve got experience here and would be up for a chat!), and to work out some ideas more concretely – but it seems we should be making the case that legislation that embeds space for dialogue and participatory decision making is more likely to be able to cope with the pace of technological change, than legislation that tries, a priori, to identify all the boundaries between frictionless or barrier-encountering data use and sharing.
Other things
- I had a catch up with Michael Canare’s, where we talked a little about the Data Empowerment framework – which is something I need to dig into a bit more, particularly to explore the interaction of individual and collective empowerment around data.
- After almost two months not touching a line of code, I worked up some Google Apps Script to get project-classified data from our accounting tool, FreeAgent, into a Google Spreadsheet to help with our financial tracking and reporting. Still some tidying up to do, and then I’ll try and share a version.
- As of yet, I’ve not had any responses to the e-mails I sent last week to ask for details of company balancing tests.
Next week I’m off to Amsterdam (Monday) and Utrecht (Tuesday) for a bit of freelance work supporting Land Portal with their data strategy – but, on the off-chance, I should have a bit of time free both days if any Netherlands-based collective data governance folk fancy catching up for a chat. Let me know!.