The design of a data governance system

BIS Papers  |  No 124  | 
05 May 2022

Technological developments over the last two decades have led to an explosion in the availability of data and their processing. Consumers often do not know the benefits of the data they generate, and find it difficult to assert their rights regarding the collection, processing and sharing of their data.  We propose a data governance system that restores control to the parties generating the data, by requiring consent prior to their use by service providers. The system should be open, with consent that is revocable, granular, auditable, and with notice in a secure environment. Conditions also include purpose and use limitation, data minimisation, and retention restriction. Trust in the system and widespread adoption are enhanced by mandating specialised data fiduciaries. The experience with India's Data Empowerment Protection Architecture (DEPA) suggests that such a system can operate at scale with low transaction costs.

JEL classification: G28, H41, K00, L17, L51, O33.

Keywords: Data governance, big techs, data-sharing, data taxonomy, consent framework, account aggregators, General Data Protection Regulation (GDPR), Data Empowerment Protection Architecture (DEPA).