All too often, data is extracted and processed far removed from its source, serving the interests of the organizations that collect it rather than the people it impacts. This is why it’s important to explore new ways to govern data: to shift control back to individuals and communities, to strengthen their agency, and to share value. Mozilla is working to change this paradigm.
Changing this requires system-level change, but opportunities to implement new ideas for better data governance also exist within existing paradigms and legal frameworks. Builders can shape new norms by leveraging opportunities present in existing rules. But to do so, they need a firm understanding of current realities. This research and the guides we have created for four countries — Germany, India, Kenya, and the United States — aim to help them navigate existing legal landscapes so they can help pave the way for better data governance in the future.
We know about the inequities that data-driven products can create. It’s time to build better and differently.
J. Bob Alotta
Vice President of Global Programs, Mozilla Foundation
How can this guide help?
The goal of this research is twofold:
- To provide builders with an overview of the current (and changing) legal landscape governing the collection, management, sharing, and use of data in their country
- To identify opportunities for what we call “alternative data governance” models within existing legal landscapes — specifically, where the regulatory status quo offers pathways to implement new approaches that shift power from data collectors to data subjects — that create meaningful incentives for the benefits of data to be shared between various parties and enable data to serve individual or collective interests
The resulting guides are a reference that does not need to be read from cover to cover in a linear way; you can simply dip in and out of different sections as needed.
What can be built where? A preview of different approaches to data governance
Inspired by the idea of cooperatives, data co-ops are collectively owned and democratically governed associations that manage and leverage data collected from their members.
With the crowdsourced data commons approach, data is pooled and collectively governed by a community toward a common purpose and to enhance access to data.
Data altruism as envisioned by the EU’s Data Governance Act is characterized by people or organizations voluntarily sharing their data to create data pools that can help advance the common good.
Data law and data governance can take different shapes and forms across the globe — we learned this firsthand from what our researchers found. You will see that the reports vary in length and focus as our researchers took different approaches according to local context; they reflect distinct features of each jurisdiction as well as differences between them, including how prominent some of the concepts at the heart of the research actually were.
Against this backdrop, several lessons stood out:
Current regulatory frameworks allow for innovation and experimentation in data governance.
What Mozilla calls alternative data governance is — for the most part — not really considered in data governance-related law. But that doesn’t mean these approaches cannot be implemented under the legal status quo. For example, cooperative governance can already be used to make decisions about co-op members’ data. Similarly, builders can leverage contracts to strengthen the rights of data subjects and communities. At the same time, with concepts like data trusts, it’s still unclear how or whether they can be implemented under trust law. But there are other approaches inspired by trusts that may serve the same purpose. Additionally, approaches focusing on data “ownership” are contested and could create new inequities in their own right.
Legal regimes vary widely across countries.
Although more and more countries around the world are passing data protection laws, the legal landscape still varies significantly. Germany, for example, is governed not only by national law but, crucially, also by legislation passed at the EU level. Data law in the EU is advanced and continuing to evolve, with a new wave of data-focused legislation either taking effect or currently under negotiation. Meanwhile, legal frameworks for data governance are emerging in India and Kenya. While Kenya’s 2010 constitution enshrined the right to privacy, which resulted in the passage of a data protection law in 2019, India is currently in the process of developing its own data governance regime. And the U.S. still lacks comprehensive federal data protection regulation and relies mostly on a self-regulatory approach.
Concepts like alternative data governance and data stewardship haven’t gained traction uniformly across the world.
These ideas are reflected in local debates and research around data governance to varying degrees, confirming findings from our previous research. While, for example, data cooperatives and trusts have gained traction in debates in the EU and U.S., they have not galvanized widespread attention or support in Kenya and India. The EU has further integrated certain approaches into its Data Governance Act. It is therefore important to pay close attention to local needs and demand in determining what approaches may or may not hold promise within the local context. It is also important to make the discourse around this topic more accessible and to better integrate perspectives and experiences from the Global South.
Different regulatory frameworks can determine what can and can’t be built.
There are many different ways in which builders can try shifting control and value generated from data back to individuals and communities. But context matters. There is no one-size-fits-all approach to solving the challenges posed by today’s data economy and different rules and regulations — or the lack of legal guardrails — create different opportunity structures.
Data for Empowerment
Explore Mozilla's collaborative research series for the Data Futures Lab and learn with us about how power can be shifted through data governance.Check out our research collection
We would like to thank Stefan Baack, Christian Djeffal, Lisa Gutermuth, Solana Larsen, Verena Müller, and Kasia Odrozek, who have provided valuable feedback on this work. We also thank Kristina Shu and Nancy Tran from Mozilla Foundation’s design team for their support in designing this report. Ran Zheng created the illustrations you’ll find throughout these pages. Thanks are further due to J. Bob Alotta, Champika Fernando, Mehan Jayasuriya, EM Lewis-Jong, Jackie Lu, Anouk Ruhaak, Udbhav Tiwari, and Richard Whitt for informing the direction of this project.
This work was led by Mozilla’s Insights team. Eeva Moore led design and engagement work, Kenrya Rankin edited the research, and Neha Ravella provided project management support. Maximilian Gahntz was the project lead.
The content of these reports does not constitute legal advice. Please seek the advice of a qualified attorney.
This work is licensed under the Creative Commons Attribution 4.0 (BY) license, which means that the text may be remixed, transformed and built upon, and be copied and redistributed in any medium or format even commercially, provided credit is given to the author. For details go to http://creativecommons.org/licenses/by/4.0/.