Data Governance

Paving the way for the future

From 2010 to 2020, the amount of data worldwide increased from a mere two zettabytes[1] to 64.2 zettabytes,[2] representing a growth of over 3,000 per cent. It is expected to grow to 175 zettabytes by 2025.[3] The data economy represented 2.6 per cent of the European Union’s (EU’s) gross domestic product (GDP) in 2019. Estimates predict that it will increase to four to six per cent of the EU’s overall GDP by 2025 (circa euro (EUR) 829 billion).[4] As for China, estimates are that the data economy will reach 55 per cent of its GDP by 2025.[5] Of course, these numbers are to be taken with a pinch of salt, and, as the valuation methods and basis are different, face-value comparison would make no sense. Still, as Isabelle Hajjar of TekID explains, they are representative of the growing—if not crucial—importance of the data economy.

As coined by the digital community, ‘the age of data is here’.  


The datacracy, or running wild with data

With the ‘all digital’ drive charging full speed ahead, the global data market has shown itself to be a classic case of asymmetric data collection and use, as well as moral hazards, emphasised by the data-hoarding habits of organisations, public and private alike.

To cite only a few of the most publicised scandals and controversies: the Facebook-Cambridge Analytica scandal affecting millions of the platform’s users in the midst of a political campaign; IKEA spying on its employees; IBM’s photo-scraping to enhance face recognition; Google’s Nightingale project with extraction of real-time health data without consent; Waymo vs. Uber artificial intelligence (AI) trade-secret lawsuit relating to self-driving cars; Uber spying on everyone; Target’s pregnancy predictions through buying habits; Microsoft’s ‘Tay’ bot tweeting hateful and racist content; COVID-19-related tracing apps – the list is endless.

While digitisation and data can present chilling dangers, they also are the lifeblood of economic and societal development. In this respect, China and the EU came to the same conclusion: there is an urgent need for foundational data governance for the years to come, which will be pivotal to ensuring a digital dividend to everyone in a healthy data environment.

The rise of data governance

After decades of unbridled data hoarding and use, how does one ensure that everyone will reap the benefits of the data market, while also curbing its unhealthy and unethical aspects?

Well…through data governance. The pressure to regulate how data is used is only increasing and data-related regulations continue to gain traction, showing no signs of slowing down across the globe, with the EU and China leading the charge.

Data governance is not a new concept, but designing and enforcing rules that will resist the test of time in a world of digital transformation, while ensuring that economic growth and the protection of society and individuals will not be at odds, is understandably difficult.

The difficulties ahead for data governance

  • Data must flow: the value of data lies in its mobility. It must be made available across the board (government-to-business, business-to-business, business-to-government, government-to-government);
  • Data hoarding and monopolies: data hoarding without sharing and data monopolies (such as large online platforms) further create power imbalances between players and market distortions;
  • Data interoperability and quality: poor quality and classification differences create significant interoperability issues, impeding combination of data from different sources;
  • Data infrastructures and technologies: digital transformation depends on secure, efficient, affordable and high-quality data processing capacities;
  • Individual rights: securing the rights of individuals on their personal data and providing them with easy ways to exercise those rights proves difficult (lack of tools, burdensome procedures, and so on);
  • Data value and ownership: determining ownership and modelling data value are a real headache;
  • Skills and data literacy: no secret here, there is a critical skills shortage in the information and communication technology (ICT) sector at large, and digital literacy in the general population is still low;
  • Cybersecurity: the power of data cannot be unleashed without security;
  • Fragmentation: countries or regions have historically had very different approaches to regulating data, ICT, cybersecurity, among others.

The European way

The EU has devised strategies to tackle the data challenges. One of them is the EU data strategy,[6] which is part of the larger Digital Single Market Strategy. Indeed, making Europe fit for the digital age is one of the European Commission’s six political priorities.[7]

The EU data strategy requires a strong, common data governance that will ensure Europe’s global competitiveness and data sovereignty, i.e., moving from individual national markets to one single EU-wide data rulebook. Without common data governance, there will be no single data market, but instead stunted EU economic growth and competitiveness.

The grounding principle is that data is no longer just a by-product of technology: it is about “a society empowered by data to make better decisions, and it must place the interests of the individual first, in accordance with European values, fundamental rights and rules”.[8][9]

How does this translate into concrete measures?

Well, the EU Data Strategy is built on four pillars, with the welfare of humans at its centre.

The first pillar consists of horizontal governance: a cross-sectoral governance framework for data access, use and security. A flurry of regulations has already been enacted (such as the famed General Data Protection Regulation, the regulation on the free flow of non-personal data, the Open Data Directive, the Cybersecurity Act, the Network and Infrastructure Directive), with more in the works (the proposed Data Governance Act).

The second pillar concerns ‘enablers’: EUR 2 billion-worth of investments in data and strengthening capabilities and infrastructure for hosting, processing, use of data and interoperability.

The third pillar consists in empowering individuals, investing in skills and in small and medium-sized enterprises.

The fourth pillar aims to create ‘common European data spaces’ in strategic sectors and domains of public interest,[10] thereby boosting data mobility. The aim is to enable pooling of data from public bodies, business and citizens for safe and fair use for the common good, with structures set up to enable data sharing, supported by the concept of ‘data altruism’.

As to AI, the EU is also progressing fast, with the recent and first-ever legal framework proposal on AI—again, human-centric, aligned with EU rules, values and fundamental rights—aiming at giving citizens confidence in AI systems.[11]

The framework takes a risk-based approach, with four different levels: (1) AI or use of AI considered unacceptable, which shall be banned; (2) high-risk AI systems subject to strict obligations before they can be put on the market; (3) limited risk AI systems with specific transparency obligations; and finally (4) minimal risk systems, which can be used freely.

Data governance is indeed on the rise, paving the way for the coming decades and trying to balance the need to support economic growth and the protection of individuals and society at large. Hopefully, it will succeed, though we will all need to be watchful participants.


Isabelle Hajjar is the head of Compliance Cybersecurity and Privacy for TekID, a digital security consulting firm, focussing on identifying and tackling the risks an organisation faces in the digital sphere. With a tri-expertise in legal and compliance, information security and operation, and with a forensics lab, TekID provides a holistic approach to digital security with applicable and comprehensive solutions.


[1] One zettabyte is approximately equal to a billion terabytes, or a trillion gigabytes.

[2] Statista, subscription service, <https://www.statista.com/statistics/871513/worldwide-data-created/>

[3] Data Age 2025, IDC report, sponsored by Seagate Technology

[4] The European Data Market Monitoring Tool, datalandscape, <https://datalandscape.eu/european-data-market-monitoring-tool-2018>

[5] Kendra Schaefer, Data factors, China’s new thinking on data policy, Trivium China, presentation at EU SME Centre and European Chamber policy meeting on data governance, 28th June 2021.

[6] A European strategy for data, COM (2020) No. 66, 19th February 2020.

[7] The other political priorities of the EU being ‘A European Green Deal’, ‘An economy that works for people’, ‘A stronger Europe in the world’, ‘Promoting the European way of life’ and ‘A new push for European democracy’.

[8] A European strategy for data, COM (2020) No. 66, 19th February 2020.

[9] These values and fundamental rights being respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights, Article 2 of the Treaty of the European Union (TEU); and additionally, non-discrimination, the right to the protection of personal data, and the right to get access to justice, Charter of Fundamental Rights.

[10] Nine initial Common European data spaces have been identified: industrial, green deal, mobility, health, financial, energy, agriculture, public administrations and skills.

[11] Proposal of regulation for ‘harmonised rules on AI’ (Artificial Intelligence Act), 21st April 2021.