Stay up-to-date with what we are doing

Primer 5: Establishing Governance Frameworks

Creating safeguards to mitigate risks of harmful outcomes

Posted on 22nd of March 2021 by Andrew Young, Kateryna Gazaryan, Stefaan Verhulst, Andrew Zahuranec

Primer 5: Establishing Governance Frameworks
Primer 5: Establishing Governance Frameworks

Download the Primer


Even 20 years into the digital revolution, rules and regulations dictating data usage remain sparse. While this failure offers additional flexibility to some, the broader effect is greater uncertainty about risk. Organizations do not understand how to respond coherently when data is abused or misused. Ad hoc responses to daily challenges have eroded public trust and damaged institutional credibility. Organizations have an obligation to create and foster safeguards to protect themselves and data subjects from harm. Institutionally, these safeguards can take the form of clear, public organizational policies about when and how an organization will share and re-use data. Societally, organizations can encourage governmental, inter-governmental, and international bodies to regulate data or create portals to facilitate data re-use.


Determining a Fit-For-Purpose Governance Model:  Organizations have different needs depending on the issues they work on and the people they work with. Before starting a data project, organizations face the challenge of developing governance mechanisms that can reflect their specific circumstances. If working on a sensitive topic, an organization might seek out experts who can support ethical decision-making. If working on an issue that has implications for the general public, an organization might seek public comment and engagement. 

Codifying End-to-End Data Responsibility: Data is not static but exists on a cycle. As part of a commitment to data responsibility, actors can assess and seek to prevent risks across the full data life cycle, including the collecting, storing and preparing, sharing, analyzing and using stages. This concept is called end-to-end data responsibility. It is essential for preventing harm and ensuring trust.

Identifying (or Creating) an Appropriate Data License: Data licensing regimes, as such, provide a way to secure and promote the re-use of data, either among a set of actors or among the public. They promote this re-use and sharing by requiring interoperability, articulating permissions and conditions around use, redistribution, modification, separation, compilation, non-discrimination, propagation, and/or application. Selecting a fit-for-purpose data license requires assessing different licensing regimes benefits and challenges, and could potentially involve the development of a new, customized data license to meet organizational needs. 


The Responsible Data Re-Use Framework: The Responsible Data Re-Use Framework is a report seeking to identify appropriate data re-use standards amid COVID-19 in New York. It is the product of deliberations with data holders, civil rights advocates, and the public.

Contractual Wheel of Data Collaboration: A visual representation of the key elements involved in data collaboration developed by The GovLab. 

Leveraging Private Data for Public Good: A report outlining the different structures through which data collaboration can take place. 

Laying the Foundation for Effective Partnerships: A report describing good practices in creating fit-for-purpose Data Sharing Agreements to support responsible cross-sector data collaboration. 

Report on Collected Model Contract Terms: A report from the EU Support Center for Data Sharing outlining common strategies and best practices for data licensing.

United Kingdom Data Ethics Framework: Guidance from the United Kingdom’s government digital service outlining how public sector organizations might appropriately and responsibly use data.

Back to the Blog

Supported by