2. Checklist for assessing and designing data governance policies

Abstract

This chapter presents a checklist for policy makers in any domain to review data governance policies and assess whether they address key policy tensions and achieve related objectives effectively. The policy tensions considered are the need to balance data openness and control while maximising trust; to manage overlapping and potentially conflicting interests and regulations related to data governance; and to incentivise investments in data and their effective re-use. Although these three tensions and objectives are common across most policies for data governance, not all questions and policy solutions will be relevant to all contexts.

    

In Table 2.1 the first column indicates the policy tension and related objective. The second column provides specific questions relating to that tension and links to the relevant subsection in Chapter 3. The last column highlights promising policy approaches that are explored further in Chapter 3. This includes how governments or the private sector have implemented these approaches, as well as references to relevant OECD Recommendations.

For example, to help government balance data openness and control while maximising trust, the checklist includes the following question: Does the policy support the adoption of technological and organisational measures? It then refers the reader to subsection 3.1.4 that elaborates on possible approaches to enable trusted data access and sharing through technological and organisational measures, such as data access control mechanisms, data intermediaries and privacy-enhancing technologies.

Table 2.1. Checklist for data governance policies

Cross-cutting policy tensions and objectives

Policy questions

Examples of policy approaches

Balancing data openness and control while maximising trust (section 3.1):

How policies can maximise the benefits from data access, sharing and re-use across organisational and national borders, while addressing related risks, including the protection of the rights of individuals and organisations.

Does the policy foster a culture of risk management and transparency across the data ecosystem? (subsection 3.1.1)

Recommend the systematic implementation of risk management measures throughout the data value cycle. Promote transparency, considering the risk of information overload and other cognitive biases.

Does the policy leverage the full spectrum of the data openness continuum? (subsection 3.1.2)

Design data governance arrangements that leverage different possible degrees of data openness, striving to be as open as possible and as closed as necessary.

Does the policy provide options and tools to enhance users’ agency and control over data? (subsection 3.1.3)

Formulate different consent models that allow individuals to exercise control while enabling business opportunities to benefit from data openness.

Empower stakeholders through appropriate mechanisms such as data portability.

Does the policy support adoption of technological and organisational measures to maximise trust? (subsection 3.1.4)

Provide data access control mechanisms, data intermediaries (e.g. data trusts, data commons, Personal Information Management Systems) and privacy-enhancing technologies.

Does the policy enhance the interoperability of data across organisations, including within and across the public and private sectors? (subsection 3.1.5)

Provide data together with any required complementary resource, including metadata, documentation, data models and algorithms.

Managing overlapping and potentially conflicting interests and regulations related to data governance (section 3.2):

How policies can balance the overlapping and sometimes conflicting interests of stakeholders in data governance and clarify the relationship between different frameworks affecting data governance.

Does the policy identify and consider the contribution of different stakeholders in the data value cycle, including by promoting multi-stakeholder engagement? (subsection 3.2.1)

Map impact on different stakeholders at different phases of the data value cycle to assess whether it reflects reasonable expectations and the public interest.

Engage relevant stakeholders in the data ecosystem to identify their different interests and roles in data-driven value creation through open and inclusive processes.

Does the policy support cross-agency co-operation to help reconcile different domestic frameworks affecting data governance? (subsection 3.2.2)

Encourage co-operation across the various regulatory and policy areas, including competition, privacy, consumer protection, as well as sector-specific regulators.

Does the policy leverage contract to clarify and strengthen data governance? (subsection 3.2.3)

Collaborate with the private sector on voluntary guidance, codes of conduct, ethics frameworks and model contracts.

Use public procurement to promote good data governance standards.

Does the policy promote international regulatory co-operation to reconcile data governance across countries and enable cross-border data flows with trust? (subsection 3.2.4)

Promote interoperability of data governance frameworks to enhance cross-border data flows while protecting legitimate interests.

Promote continued dialogue and international co-operation on ways to foster data access and sharing across countries.

Incentivise investments in data and complementary resources (section 3.3):

How policies can provide incentives for investments in data and their effective re-use.

Does the policy promote appropriate knowledge and skills for responsible data sharing and use? (subsection 3.3.1)

Identify gaps and formulate strategies to develop and maintain the skills and infrastructures needed.

Establish partnerships and data analytic support centres for development of data-related skills and the supply of data analytic expertise.

Does the policy foster investments in and adoption of financially viable information and communication technology infrastructures for data openness? (subsection 3.3.2)

Promote adoption of data storage, processing and analytic services, especially for small and medium-sized enterprises.

Promote adoption of new business and revenue models needed for data openness infrastructure.

Promote adoption of shared data infrastructures. (e.g. interoperability buses) in the public and private sector and of the “once-only” principle in the public sector.

Does the policy foster competition in data-driven markets and address barriers to entry for new firms? (subsection 3.3.3)

Assess the contribution of data to market power.

Consider asymmetric approaches to ensure that competition measures address large incumbents and do not create barriers to entry for new firms.

Does the policy promote standardised approaches for evaluating the social and economic value of data? (subsection 3.3.4)

Support promising approaches for valuing data, including in the context of the System of National Accounts and including efforts to measure their social value.

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2022

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.