The importance of new data sources for both human and economic development worldwide is clear. But where should the emphasis fall, on the economic opportunities of commoditising data and creating rules for its global trade that replicate, for instance, international financial assets or services? Or on the human development opportunities tied to the local use and control over digital resources? What role does sovereignty play in defining how data can be used and shared, and how should we define sovereignty over the digital?
For each of these questions, there exist different possible normative assumptions. One starts from a market-based vision and sees the benefits of the new data as primarily economic, based on the idea that data can be fully commoditised and therefore owned and traded like any other resource or service. This vision will invariably privilege the interests of those with the technological power to produce and process data, and with the geopolitical power to build and control markets. An alternative path, however, starts from the normative assumption that data not only represents people and their needs, but is inherently part of those lives and needs, and cannot be separated from those interests - even through the convenient technical and legal fiction of de-identification. Mobile phone or satellite data showing migrant paths through North Africa is closely tied to the wellbeing of those migrants; data on refugees’ consumption and informal work is tied to the ability of those refugees to take care of themselves and their families. States have a strong claim to data that affects people’s wellbeing, such as public health information and agricultural data.
While data is commonly described (according to the market-based normative vision) as a public good which can be used and reused with no marginal costs this is not true when it comes to big data. In this case, benefits accrue almost exclusively to those with the most computational resources and power to intervene. The playing field with regard to access and use is not even, and, as importantly, the monetisation of data very often conflicts with its role in public service and care. During the pandemic, it has become apparent that big tech companies are moving strategically into new spheres of influence where they bring norms and practices from their existing commercial and technical work to public-sector applications. This shift is taking place across fields including health, logistics, education or security services, in different parts of the world from Europe to Asia. As a result of the infrastructural power and market-making capacities of these corporations, there is an increasing crowding out of public sector expertise, coupled with increasing political and economic dependencies that have implications for democratic and regulatory processes. With the recent outage across Facebook, Instagram and Whatsapp, it became increasingly obvious that this outcome was not a problem of inconvenience for a few but an issue that critically impacted people’s livelihood as well as access to critical information and communication, on account of the synonymity between access to internet and access to these platforms.
With the disproportionate power that resides in some states and corporations to be able to produce, and control the flow of data, the time has come to determine a set of global norms that would provide what Michelle Bachelet has termed ‘guardrails‘ to build shared understandings and commitments about how data can be regulated justly at a global level. These guardrails cannot be established without a pluralistic negotiation of their underlying values and assumptions. The current normative discussion assumes that everyone affected by data agrees with the currently prevailing hegemonic market-based vision. This vision, however, plays mainly to the interests of higher-income states and multinationals, leaving other interests unrepresented and amplifying existing inequity.
It is in situations such as this where political and economic equilibria are at stake that norms are an important mediating tool. Norms are not principles, but mechanisms for preserving the essential functioning of the international community. They come to exist through a process of international commitment both to their content, and to the shared responsibility for ensuring they are not transgressed. Norms have a constitutive function in that they can create categories of permissible behaviour but also a constraining function to provide justifications that can reasonably limit and restrict certain kinds of behaviours. In doing so, norms provide a common vocabulary for making claims around issues of common concern; they can be used to build support, and to encourage action on certain issues. Norms as devices have seen application in environmental law for instance, in terms of the ‘polluter pays’ principle, wherein polluters bear responsibility for managing and repairing the damage caused to health, well-being and the environment on account of their actions. Norms also play an important role as global ‘red lines’ for state behaviour, in the form of peremptory norms (such as the prohibition of slavery or genocide) from which no derogation is possible.
In the digital context, where it is clear that access, infrastructure and the means to govern data are inequitably distributed, norms can provide the rationale and leverage for levelling the playing field and balancing power asymmetries between producers and consumers. This will require coordinated and pluralistic mediation at a global level to identify aspects of data that should be considered off-limits, or alternatively seen as indispensable and therefore the duty of particular actors in the digital sphere.
In order to build a set of norms, drawing from Winston’s conceptual approach of norm clusters, it would be important to have a shared sense of a problem as a first step. For instance, if we look at the example of incursions by big tech companies into new areas of interest and influence such as health, a potential problem that can arise is the thinning out of expertise and capacity in the public sector. Once we agree on a problem, for example the absence of a duty for public services to be delivered or guaranteed by the public sector, we must then as a second step connect a value to this. This could be, for example, that ensuring the ‘publicness’ of certain functions brings with it desirable forms of accountability in processes and legitimacy of outcomes. By doing so, as a third step, this requirement would provoke particular behaviours (in this case ensuring the ‘publicness’ of public functions), and thereby reinforce a commitment that public services need to be governed in line with democratic values.
Although there are many proposals for governing data internationally, none so far pay attention to the normative commitments they bring with them. A critical approach to those implied norms has the potential to level the playing field both between state and commercial actors, and in turn between both of those and civil society, offering a basis for the equitable negotiation of data governance rather than the current situation where might makes right, and data confers ‘power over’ rather than ‘power to’.
(Siddharth is a post-doctoral researcher at Tilburg Institute for Law, Technology and Society, Tilburg Law School & Linnet is a Professor of International Data Governance, Tilburg Institute for Law, Technology and Society, Tilburg Law School)