Gregory F. Treverton and Pari Esfandiari
Big data is often perceived as the black gold of the twenty-first century. Despite its fundamental differences with oil, it is indeed as critical, a fact tragically underscored by the lack of data on testing and tracking during the pandemic. To boot, the pandemic may spawn a “9/11 moment,” in which people are scared and prepared to trade their privacy for increased security—this time in health. To the extent that data is governed, that governance is a fractal of how the internet is governed—scattered, bottom-up, and driven by loose coordination among many actors, most of them in the private sector.
Data is information, and big data is often seen as simply lots of data. Thus data, information, and big data overlap, and so too do the issues involved in governing them, ranging from the seemingly prosaic (in what country will data centers be located?) to questions bearing on the nature of democracy itself (how will false news and hate speech be policed, and by whom?). In the process, the ways data is collected, stored, protected, accessed, used, and transferred over national borders are becoming a geopolitical issue.
Any discussion of data governance inevitably must confront the differences in ideological visions of the internet and fundamental cultural values that divide countries and influence their policies. Moreover, issues in governing the digital domain overlap, cut across policy areas, and even conflict. The Organization for Economic Co-operation and Development (OECD) sets out three policy goals for the digital economy: “(1) enabling the internet; (2) boosting or preserving competition within and outside the internet; and (3) protecting privacy and consumers.” Needless to say, those goals may conflict.
The current status and prospects of governing data might be thought of along several lines of activity, which are interrelated, but which, for the sake of clarity and with some danger of oversimplification, are discussed in the following slices: legislating privacy and data use; regulating content; using antitrust laws to dilute data monopolies; self-regulation by the tech giants; regulating digital trade; addressing intellectual property rights (IPR) infringement; assuring cybersecurity; and practicing cyber diplomacy.
Looking across the slices makes clear that the assemblage of laws, treaties, agreements, regulations, and self-regulation today, as analysts Quest and Charrie put it, “lack transparency and coherence: The combination drives up the cost of innovation and doesn’t go far enough to encourage healthy competition or to protect the billions of people worldwide who now rely on the products and services tech companies produce.”
As this study illustrates, the digital age presents geopolitical and philosophical problems with complexity and speed beyond the capability of the existing global architecture and its institutions. We are addressing twenty-first-century problems with a twentieth-century mindset, approach, and toolkit that are all inadequate for dealing with the cross-border, complex, opaque nature of big data and cyberspace. This worrisome geopolitical context calls for an urgent Bretton Woods-style gathering to ensure that the most transformative technologies of our time do not spiral out of control into a world order we will come to regret.
The Digital-20 (D-20) is a new initiative launched by the Global TechnoPolitics Forum aiming to fill this void and to function as a bridge between the existing global architecture and the new geopolitical context. The D-20 would build upon the important work and initiatives led by the Bretton Woods institutions, the founding internet organizations, and other think tanks in establishing international codes and standards as well as demonstrating leadership. Still, in its infancy, D-20 in many respects is modeled after the G-20, with the new group broadening the scope of dialogue to new stakeholders and digitally mature ecosystems as well as shifting the focus to the key geopolitical challenges caused by emerging digital technologies. As an autonomous group with no executive power and no binding decisions, its primary impact lies in creating trust and peer-to-peer intimacy among members as they develop a shared diagnosis of potential problems and a common analytical framework in small, intimate convenings. Building on this trust, D-20 will strive to produce actionable and measurable outcomes.