Since the emergence of big data, the attention on legitimate and transparent data collection, management, and analytics is now at a fever pitch. To better protect the welfare of their citizens, guarantee national security and safeguard their sovereignty and competitiveness, governments around the world have introduced privacy laws and data protection regulations.
Fragmented approach
In the early Internet era, most of the data captured in databases were Personally Identifiable Information (PII) and metadata.
General Data Protection Regulation (GDPR) is a game-changing piece of regulation that dictates and governs how the European Union’s citizens’ PII is used, stored, and shared. Since its formulation, public agencies, private corporations, and non-governmental organisations have established internal data governance practices to comply with GDPR and similar regulations.
This includes Brazil’s General Data Protection Law, China’s Personal Information Protection Law, Japan’s Act on the Protection of Personal Information, and South Africa’s Protection on Personal Information Act.
Despite all the effort, the global regulatory environment remains very fragmented. In the US, for example, there is no common consensus to handle PII among the different states and industry actors.
Navigating through all these regulatory requirements across different jurisdictions is very time-consuming and exhausting. In addition, the classification of new PII, such as audio recordings and IP addresses, remains unclear.
Universal approach
In the ABI Research, Data Governance: Definitions, Challenges, and a Universal Framework, the researcher argues that the current laws and regulations do not go far enough. A new universal data governance framework must be introduced to address the data governance needs in emerging technologies.
“A new data governance framework that introduces the broader definition of PII can go a long way to protect customer rights and privacy,” posits Lian Jye Su, principal analyst at ABI Research.
He adds that as the world is becoming increasingly interconnected and information flow shifts rapidly towards digital platforms, these data do not respect national boundaries. “A universally accepted and well-defined data governance framework can reduce regulatory complexity and remove barriers for adoption,” he opines.
More importantly, most, if not all, of these regulations are not futureproof. As of 2022, all data protection regulations focus on PII.
While PII remains critical for certain verticals such as social media, sales and marketing, and banking and finance, other enterprises are processing an increasing amount of machine-generated data, geospatial data, and synthetic data for emerging technologies, such as Real-Time Location Services (RTLS), cloud and edge AI applications, autonomous driving, digital twin, and the metaverse. As enterprises adopt and deploy these technologies in their daily operation, they are also adopting cutting edge data management and processing techniques.
“A universal data governance framework can introduce regulations to prevent malicious usage of data types beyond PII. The framework can guide enterprises on the right mechanism when dealing with distributed and large-scale data collection, processing, and storage. It can also help to ensure data identification, accessibility, interoperability, and reusability,” elaborates Su.
Ideally, this new data governance framework should be designed by internationally recognised standard development organisations, such as the International Organisation for Standardisation (ISO) or the International Telecommunication Union (ITU).
Furthermore, it must be universally accepted, forward-looking, and focuses on fairness, equality, and data sovereignty.
Su says emerging technologies have proven to be great tools to eliminate economic inequality, promote digital literacy and accessibility, and empower marginalised communities.
He cautions, however, that how they collect and store data can cause legitimate concerns around data sovereignty, commercial malpractices, and cybersecurity.
“Therefore, the industry must work together to develop a universal data governance framework that can minimise these concerns and allow the technologies to reach their full potential,” concludes Su.