Data governance has become a catch-all term, used to describe everything from data quality and metadata to privacy, compliance, and digital strategy. This ambiguity is not harmless: when concepts remain unclear, responsibilities blur and decisions stall. Demystifying data governance therefore requires two things: clarifying how it relates to neighboring concepts, and understanding the components and trends that are reshaping governance in an AI- and data-intensive world.

Our new resource, What Is Data Governance? 30 Questions and Answers, is designed to demystify the concept. Instead of offering yet another definition, it takes one already tested through the Broadband Commission's Data Governance Toolkit and it clarifies how data governance relates to terms like data management, stewardship, privacy, and compliance. 

The Q&A uses the same working definition as the Toolkit: data governance involves the processes, people, policies, practices and technology that seek to govern the data lifecycle toward meeting the purpose of increasing trust, value, and equity, while minimizing risk and harm in alignment with a set of core principles. 

While this may sound abstract, the entire Toolkit makes it actionable.

The definition breaks governance into four questions any organization must answer:

• Why – What vision and purposes should data governance serve here?

• How – Which principles will guide decisions and implementation of practices across the lifecycle?

• Who – What people carry which responsibilities, and with what legitimacy?

• What – What concrete policies, procedures, and technologies will we implement to meet the purpose and comply with the principles?

The Q&A runs through six sections. Foundations clarifies the differences between governance and adjacent concepts such as strategy, management, ethics, privacy, and AI governance—often conflated in practice. Later sections cover purpose and vision, principles, legitimacy and agency (including Indigenous data sovereignty and Digital Self-Determination), participation and accountability, lifecycle practices, sector-specific regimes, cross-border flows, and emerging trends. Throughout, the emphasis is on operationalization: translating principles into processes, roles, contracts, and tools. 

Why now? 

Because organizations are under simultaneous pressure to use data more intensively (innovation, AI, evidence-based policy, crisis response) while navigating expanding legal, ethical, and geopolitical constraints. Governance is no longer an IT niche: it’s central to public trust, regulatory scrutiny, and the capacity to reuse data responsibly across silos and borders.

This Q&A fills that gap:

• As a primer for those needing an integrated overview

• As a workbench for practitioners designing frameworks or running workshops

• As a translation layer connecting debates on Indigenous data sovereignty or Digital Self-Determination with mainstream governance discourse

By aligning with the Data Governance Toolkit and international guidance, it sits within a broader shift toward human-rights-based, stewardship-oriented governance that respects subsidiarity, proportionality, and sectoral realities.

A living document: your feedback

This Q&A isn't meant as the final word. The 30 questions emerged from real engagements with policymakers, regulators, practitioners and researchers and they're almost certainly incomplete. New technologies, business models, and legal developments will raise fresh questions.

We see this as a living document that should evolve alongside practice. We especially welcome feedback on:

• Clarity: Where are answers too abstract? Which distinctions remain blurry?

• Gaps: Which questions are missing, particularly from under-represented regions, communities, or institution types (small municipalities, community initiatives, Global South organizations)?

• Examples: Which case studies, playbooks, or tools have helped you move from principles to implementation?

Your insights can inform future iterations, including refining entries, adding new questions, and expanding the tools annex. This mirrors the governance model the GovLab advocates: treating norms as evolving arrangements that are continuously tested in practice, contested when necessary, and adapted in light of new evidence and experience.

Click here to access the resource.

If you have thoughts, critiques, or examples, please share them. Data governance will never fit into a single, perfect definition, but together we can build a shared, practical language for governing data in ways worthy of the trust we ask for.

Back to the Blog