4. Policy considerations
Data are a building block of the digital economy. Drawing on the body of work realised across the OECD, this chapter provides considerations for policy makers when developing or revising data governance policies. It highlights that policy choices need to promote growth, well-being, innovation and competition through increased access to and use of data. However, policies must ensure that incentives and safeguards exist for data to be collected and processed in a responsible manner that appropriately manages the risks of increasing data openness, including to individual privacy.
The main characteristics of data, including their non-rivalry, the presence of externalities and their co-generation, as well as the spectrum of excludability, imply that the generation and use of data can involve multiple actors and applications. In addition, they can have effects that ripple across interrelated issues and concerns. Use of data also allows products and services to cut across previously well-established boundaries between markets, jurisdictions and regulations. This indicates that policies to govern data should be developed in a whole-of-government manner, with due account to potential spillovers.
Navigating these common policy tensions may require co-operation between parts of the government and sectors that may not have interacted beforehand or that may have different objectives. Departments and authorities concerned with issues such as consumer protection, privacy enforcement, competition, health, finance and economics, financial stability and other regulators may all also need to collaborate. In this way, they can ensure that data governance arrangements (from policies to regulation and technical platforms) are appropriately holistic to manage risks and benefit from these opportunities. The Going Digital Guide to Data Governance Policy Making provides a conceptual foundation drawing on real-life examples from countries, and a checklist to support governments in doing so. National data strategies may help ensure that policy objectives and tensions underlying data governance are evaluated in a holistic manner, foster co-ordinated data governance policies and enable increased and more responsible data access and sharing (OECD, 2022[1]; 2022[2]).
The digital economy is increasingly global and interconnected. The Internet enables data to flow easily across boundaries and forges new connections between individuals, firms and machines. Data are a highly mobile factor of production. Their non-rival nature implies the benefits of enabling their greater use could drive greater economic and social returns at the global level (see section 2.1). Nevertheless, although governments consider the international context, the ways in which countries enable data flows vary. In view of the spillovers underlying the use of data across the world, a growing number of international bodies and forums has called for international co-operation on data governance issues. These include the United Nations Conference on Trade and Development (2021[3]), the International Monetary Fund (2021[4]), the World Bank (2021[5]), the G7 (2022[6]) and the G20 (2019[7]). A key role for such international collaboration is the promotion of “trust” between a diverse set of stakeholders as a basis for enabling cross-border data flows and realising their benefits. In addition, efforts to further cross-border co-operation in regulatory matters, including for privacy enforcement, are also necessary for a global approach to data governance.
International dialogue in forums like the OECD can help promote data free flow with trust (OECD, 2022[8]), building on countries’ shared values and commonalities, complementarities and areas of convergence in instruments used to enable data to flow across borders (Casalini, López González and Nemoto, 2021[9]). The OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (hereafter the OECD Privacy Guidelines) (OECD, 2013[10]) have played a foundational role in this respect. Ongoing work to develop principles on government access to personal data held by the private sector (OECD, 2022[11]) seeks to fill gaps at the international level. Interoperability of privacy regimes, introduced in the 2013 revision of the OECD Privacy Guidelines, has been increasingly considered a means to promote data free flow with trust (Robinson, Kizawa and Ronchi, 2021[12]; OECD, 2022[8]).
As outlined in the Going Digital Guide to Data Governance Policy Making (OECD, 2022[1]), data governance issues are characterised by policy tensions with respect to overlapping interests related to data governance. These, in turn, can affect incentives and disincentives to invest in data, and policy decisions related to the access, use and control of data. New organisational and technical mechanisms, including data intermediaries and privacy-enhancing technologies (PETs), as discussed in section 3.5, can complement other means of policy making in resolving some of these tensions.
Organisational measures also show some promise in enabling control, access to and use of data in such a way that would allow only approved users (including data subjects), within and across organisational borders, to access and use data. For example, data intermediaries can enable data access and sharing under commercial or non-commercial agreements (OECD, 2021[13]) by helping manage control over data. Some notable examples, including trusted data-sharing platforms or data trusts, often also feature the application of PETs.
PETs can help increase user control and confidentiality of data while enabling their use by other actors. Data accountability tools, for example, enable data access, while ensuring limitations and restrictions are attached to, and follow, data as they are shared. For their part, data obfuscation tools limit the need for sensitive data to leave a data subject’s device or organisation, or alter the underlying data to preclude identification. Encrypted data processing tools enable computation of data without disclosure, while distributed analytics enable remote processing of data within common networks. However, developments in data analytics and artificial intelligence, alongside the increasing volume and variety of available data sets and the capacity to link these different data sets, have changed the landscape. The two factors have combined to make it easier to infer and relate seemingly non-personal or anonymised data to an identified or identifiable entity.
As digital technologies continue to evolve, so too will the policy concerns of data governance policies. However, technological development is inherently unpredictable. Digital technologies are deployed in an ever-increasing array of applications, which may raise new or different policy questions and considerations. Policies governing data, in turn, should seek to remain flexible, technologically neutral and sufficiently broad to remain resilient to technological change (OECD, 2022[14]).
Firms increasingly use data as part of their business, for innovation and productivity, but this uptake is uneven. Due to the qualities of data as a highly scalable, non-rival input, larger firms may be in a better position to make the investments needed to generate, collect and use data and reap productivity benefits. Recent OECD work highlights how such dynamics are affecting productivity dispersion and industry concentration, with implications for the inclusiveness and dynamism of the broader economy (OECD, 2022[15]).
It is therefore essential to encourage the use of data in a wider share of the firm population. Data portability mechanisms, for example, can enable firms to access data, while strengthening consumer control. Other mechanisms include policies to encourage firms to make complementary investments necessary to use data productively, as well as to address market failures in financing systems that may discourage investments in data and other intangible assets. Due to their specific characteristics and the widely acknowledged importance of building their resilience (OECD, 2022[16]), small and medium-sized enterprises (SMEs) may merit more targeted assistance from policy makers. However, the extent of policy efforts in this area vary greatly across countries. Based on a cross-country analysis of 485 policies and 209 institutions, recent OECD work finds a variety of different institutions are in charge of digital and data policy design and implementation. Most do not have SME and entrepreneurship policy as a core mandate (OECD, 2022[17]).
At the same time, amid concerns that data are largely collected and used by a small number of firms, policy interest on the role of data in affecting competitive dynamics has also grown. To assist policy makers, the OECD has identified considerations for assessing whether data contributes to market power (OECD, 2022[18]). It has also outlined how competition authorities may need to adapt analytical approaches to incorporate challenges related to data (OECD, 2022[19]; 2022[15]). In addition, data portability and interoperability mechanisms hold promise for realising pro-competitive data sharing. In recent years, they have attracted interest from competition policy makers. However, co-operation between competition and privacy enforcement authorities may be key to the success of potentially overlapping regulations with different objectives, requirements and scope.
Data clearly have value to firms, individuals and societies at large, and efforts to better measure their value should be encouraged. However, as outlined in Chapter 3, the characteristics of data often preclude the emergence of a market price. This can therefore stymy market- and income-based approaches (OECD, 2022[20]), requiring development of new or more inventive models.
With other international organisations and national statistical institutes, the OECD is developing guidance on implementation of the sum-of-cost approach. With such an approach, the value of data is derived on the basis of the costs incurred to produce them. As with other own-account intellectual property products, like software and research and development, sum-of-cost appears to be the most promising approach to estimate the value of data produced by a firm for its own use rather than for sale (ISWGNA, 2022[21]; OECD, 2022[20]). Developing international statistical guidelines for this approach in the measurement of data investments and assets is a key focus of the work of the OECD and the international statistical community in the coming years.
Similarly, adapting statistical frameworks and nomenclatures to better identify data products, and the firms that produce them, could help shed light on the value of data. In addition, advancing efforts to measure cross-border data flows is crucial in view of increasing policy efforts in this domain. Measurement agendas should also seek to better understand and quantify the value of data and their use not captured in economic statistics, including for society at large (OECD, 2022[20]).
The OECD provides multidisciplinary, evidence-based advice across policy domains transformed by data and on the role of data and data governance in economies and societies. The OECD has been at the forefront of developing policy guidance for technology and data governance, including Recommendations of the Council on Access to Research Data From Public Funding (OECD, 2021[22]), Enhancing Access to and Sharing of Data (OECD, 2021[13]), Health Data Governance (OECD, 2019[23]) and Artificial Intelligence (OECD, 2019[24]). The OECD is also developing evidence-based policy analysis in these areas, including furthering fundamental improvements in measurement frameworks, as well as promoting international regulatory co-operation (OECD, 2021[25]).
These efforts are essential to shaping global governance frameworks, particularly as developments in OECD countries proliferate easily in an interconnected world. The OECD provides a platform for shared learning among countries to help develop policies to realise the potential of data for social and economic prosperity around the world. As a trusted forum for evidence-based, multi-disciplinary and multi-stakeholder policy analysis and international dialogue, the OECD can help governments better govern data in the digital age.
References
[9] Casalini, F., J. López González and T. Nemoto (2021), “Mapping commonalities in regulatory approaches to cross-border data transfers”, OECD Trade Policy Papers, No. 248, OECD Publishing, Paris, https://doi.org/10.1787/ca9f974e-en.
[7] G20 (2019), G20 Osaka Leaders’ Declaration, G20 2019 Japan, https://www.mofa.go.jp/policy/economy/g20_summit/osaka19/en/documents/final_g20_osaka_leaders_declaration.html.
[6] G7 (2022), G7 Action Plan for Promoting Data Free Flow With Trust, G7 Germany 2022, https://bmdv.bund.de/SharedDocs/DE/Anlage/K/g7-praesidentschaft-final-declaration-annex-1.pdf?__blob=publicationFile.
[4] Haksar, V. et al. (2021), “Toward a global approach to data in the digital age”, IMF Staff Discussion Note, International Monetary Fund, Washington, DC, https://www.imf.org/en/Publications/Staff-Discussion-Notes/Issues/2021/10/06/Towards-a-Global-Approach-to-Data-in-the-Digital-Age-466264.
[21] ISWGNA (2022), Recording of data in the National Accounts, Intersecretariat Working Group on National Accounts, https://unstats.un.org/unsd/nationalaccount/RAdocs/DZ6_GN_Recording_of_Data_in_NA.pdf.
[14] OECD (2022), “Data in an evolving technological landscape: The case of connected and automated vehicles”, OECD Digital Economy Papers, No. 346, OECD Publishing, Paris, https://doi.org/10.1787/ec7d2f6b-en.
[15] OECD (2022), “Data shaping firms and markets”, OECD Digital Economy Papers, No. 344, OECD Publishing, Paris, https://doi.org/10.1787/7b1a2d70-en.
[17] OECD (2022), Financing Growth and Turning Data into Business: Helping SMEs Scale Up, OECD Studies on SMEs and Entrepreneurship, OECD Publishing, Paris, https://doi.org/10.1787/81c738f0-en.
[8] OECD (2022), “Fostering cross-border data flows with trust”, OECD Digital Economy Policy Papers, No. 343, OECD Publishing, Paris, https://doi.org/10.1787/139b32ad-en.
[1] OECD (2022), Going Digital Guide to Data Governance Policy Making, OECD Publishing, Paris, https://doi.org/10.1787/40d53904-en.
[11] OECD (2022), “Government access to personal data held by the private sector”, Statement by the OECD Committee on Digital Economy Policy, https://www.oecd.org/digital/trusted-government-access-personal-data-private-sector.htm.
[20] OECD (2022), “Measuring the value of data and data flows”, OECD Digital Economy Papers, No. 345, OECD Publishing, Paris, https://doi.org/10.1787/923230a6-en.
[19] OECD (2022), OECD Handbook on Competition Policy in the Digital Age, OECD, Paris, https://www.oecd.org/daf/competition/oecd-handbook-on-competition-policy-in-the-digital-age.pdf.
[16] OECD (2022), Recommendation of the Council on SME and Entrepreneurship Policy, OECD/LEGAL/0473, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0473.
[2] OECD (2022), “Responding to societal challenges with data: Access, sharing, stewardship and control”, OECD Digital Economy Papers, No. 342, OECD Publishing, Paris, https://doi.org/10.1787/2182ce9f-en.
[18] OECD (2022), “The evolving concept of market power in the digital economy”, OECD Competition Background Note, OECD, Paris, https://www.oecd.org/daf/competition/the-evolving-concept-of-market-power-in-the-digital-economy-2022.pdf.
[25] OECD (2021), International Regulatory Co-operation, OECD Best Practice Principles for Regulatory Policy, OECD Publishing, Paris, https://doi.org/10.1787/5b28b589-en.
[22] OECD (2021), Recommendation of the Council concerning Research Data from Public Funding, OECD/LEGAL/0347, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0347.
[13] OECD (2021), Recommendation of the Council on Enhancing Access to and Sharing of Data, OECD/LEGAL/0463, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0463.
[24] OECD (2019), Recommendation of the Council on Artificial Intelligence, OECD/LEGAL/0449, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449.
[23] OECD (2019), Recommendation of the Council on Health Data Governance, OECD/LEGAL/0433, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0433.
[10] OECD (2013), OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, OECD/LEGAL/0188, OECD, Paris, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188.
[12] Robinson, L., K. Kizawa and E. Ronchi (2021), “Interoperabiltiy of privacy and data protection frameworks”, OECD Going Digital Toolkit Notes, No. 21, OECD Publishing, Paris, https://doi.org/10.1787/64923d53-en.
[3] UNCTAD (2021), Digital Economy Report 2021, United Nations Conference on Trade and Development, Geneva, https://unctad.org/page/digital-economy-report-2021.
[5] World Bank (2021), World Development Report, World Bank, Washington, DC, https://www.worldbank.org/en/publication/wdr2021.