The development of public policy involves trade-offs. The effects of data policy on issues such as technology adoption, economic growth, trade, privacy, security, and other issues should be intentional not accidental.
How policy-makers execute these trade-offs will depend on a wide range of factors, including evolving priorities over time, and the values and ethics rooted in different cultural experiences. No single right answer exists for every country nor is there one bounded set of universal principles. There are, however, commonly accepted, high-level strategic principles that can serve as a starting point.
Important takeaways from this report are:
– There is a need for a common and consistent risk-based framework to help policy-makers identify and understand objective privacy risks to individuals. This does not predetermine policy choices with respect to risk mitigation.
– Stakeholders should frequently and regularly evaluate the context for the intended use of data and the purpose for which it is collected, created, stored, used, processed, disclosed or disseminated.
– Meaningful accountability and consistent enforcement mechanisms are essential for any effective data protection framework and strategy.
– The Fair Information Practice Principles (FIPPs) remain conceptually relevant but need to be adapted to the rapid technological change of the Fourth Industrial Revolution. Innovative technologies will support different applications of the FIPPs and will require frequent reassessment as technology evolves.
– The building blocks to trust are similar to – but different from – FIPPs. Trust must be fostered for data to be used effectively towards innovation. Overall, trust is at a low ebb in most countries surveyed. Effective data policy plays an important role in bridging the current gap.
– The private sector and governments must provide guardrails to help address and minimize harms to build a culture of trust, but must also use policy-making to support the appropriate and beneficial uses of data.
– Security should not be an afterthought when rapid development and deployment of initiatives is taking place. Policy-makers must create incentives for, and reward, strong security as part of technology innovation while recognizing that privacy and security are not synonymous.
– Diverse stakeholders representing different perspectives should be included in the policy-making process – including governments, business, academia and civil society. The common objective should be to harness data for the common good.
– New governance structures are needed to manage digital transformation and to protect digital infrastructure, services and data.
– New frameworks must be able to address the wide range of digital products, services and platforms that exist today as well as services yet to be developed. Policy- makers must understand that ambiguity can lead to lack of flexibility and uncertainty.
This report calls for continued emphasis on outcome-based policy approaches that focus on measurable results rather than rigid compliance checklists. It also calls for ongoing engagement in multistakeholder dialogue and the sharing of knowledge on national data policy through use-cases that can inform and guide leaders in an array of emerging data-protection challenges.
With a richer and more nuanced understanding of complex data challenges, leaders will have a better understanding of how to deploy data policy that best supports their technology agenda while engendering trust.
© 2018 World Economic Forum, All rights reserved.