Global Analysis
14-07-2025

Mandula Moments: Risks and opportunities in an AI-driven world (Part 4)

Continuation from Part 3

Ownership, Control, and Governance of Data

One of the most critical questions in this new era is who will own and control the staggering amounts of data being generated. Data ownership and governance are complex, often controversial topics that span legal, ethical, and practical dimensions:

• Corporate vs Individual Ownership: As mentioned, individuals are the source of much data (through their behaviors, transactions, and sensors in their devices), yet it is typically corporations that aggregate and “own” the datasets. Under current frameworks, the entity that collects data often holds it and can claim it as an asset. Tech companies have thrived under this model – users provide data (knowingly or not), and companies provide a service in return, using the data for profit. However, there is growing pushback against this arrangement. Consumers and activists argue that people should have sovereignty over their personal data – that the individuals who generate data are its rightful owners. This philosophy is enshrined in some privacy laws (GDPR gives Europeans rights over their data, California’s CCPA does similarly, and India’s Supreme Court has ruled privacy a fundamental right). Going forward, we may see new models of data ownership: for example, data trusts or cooperatives where individuals pool their data and negotiate its use, or regulations that treat personal data similar to intellectual property of the person. Business leaders must be prepared for a world where data ownership is more decentralised or user-centric – which could disrupt current data monetisation practices. Who ultimately profits from data might shift if, say, individuals begin to demand a share of the value generated from their data (sometimes called a “data dividend”). Today, however, corporations remain the primary owners and beneficiaries of big data, and platform giants function as gatekeepers for most consumer data.

• Government Control and Regulation: Governments also have a strong interest in controlling data, both to protect citizens and to wield power. National regulations play a huge role in determining who controls data. Some countries have taken a heavy-handed approach – for example, data localization laws that require data about citizens to be stored on local servers, under local jurisdiction. As of 2022, roughly three-quarters of countries worldwide have implemented data localisation or sovereignty rules to some extent. Nations like China and Russia have strict laws to keep data within their borders (enhancing government control and access), whereas the EU’s approach focuses on privacy but still allows data flows with protections. This patchwork of laws means that control over data is increasingly fragmented by geography. A company operating globally might have to comply with dozens of differing regimes on how data is stored, used, and transferred, effectively ceding some control to each government.

In democratic societies, regulators are trying to rein in corporate data control to protect consumers – through privacy laws, antitrust investigations into data monopolies, and proposed rules on AI transparency. In more authoritarian regimes, governments themselves are accumulating vast data (often via surveillance) and tightly controlling its dissemination. There is also the aspect of governments demanding access to private data (for law enforcement or national security), which raises debates about encryption and backdoors. Who will monitor data usage? Regulatory agencies and data protection authorities are being strengthened in many jurisdictions to play this oversight role – auditing companies, issuing fines for data misuse, and setting guidelines for ethical data practices. We see this in action with major fines under GDPR for companies that mishandled user data, or with proposed AI regulations that would require continuous monitoring of high-risk AI systems. Internationally, there are calls for global standards on data governance – for example, the OECD and G20 have discussed frameworks for cross-border data sharing with trust, and some propose a “Geneva Convention” for data. However, aligning all nations on data rules is difficult, and we may continue to see a tug-of-war between open data flows and sovereign control.

• Ethical and Self-Governance: Beyond formal ownership, there is the question of who should control data and for what purposes. This is where ethical governance comes in. Many organizations are establishing data ethics boards or AI ethics committees to internally regulate how they use data, especially sensitive personal data. Concepts like “data stewardship” are emerging – the idea that those who hold data have a fiduciary responsibility to use it in the interests of those whom the data is about (similar to how doctors must act in patients’ interests).

In this view, business leaders including the global factoring industry must function as responsible custodians of data, ensuring it is used to help – not exploit – customers and society. For example, a company might decide not to sell certain user data even if legal, because it could be harmful or breach trust. Another aspect is transparency: who controls the algorithms processing data? There are growing calls for transparency in AI models (e.g., explainable AI, disclosure of when AI is used for decisions) so that those affected by data-driven decisions have some insight and recourse.

Part of governance is also giving individuals control: mechanisms like robust consent, easy data access/download, and deletion options empower users to some degree. Monitoring and policing data use will require a combination of internal controls (within companies and governments) and external oversight (regulators, watchdog NGOs, even citizen vigilance). As data volumes soar, automated monitoring tools may also be needed – for instance, AI systems that watch other AI systems for compliance with rules (an emerging concept in AI safety).

In summary, while ownership of data might remain contested, a consensus is forming that strong governance frameworks are needed to manage data responsibly. This includes clear policies on data quality, access controls, accountability for misuse, and audit trails for who accessed data and why. Companies that proactively implement such governance will likely have a strategic advantage by building trust and avoiding scandals, whereas those that play fast and loose with data could face backlash and regulatory penalties.

To be continued in Part 5.

Tags: AI, data ownership, law, Mark Mandula, personal data, regulation, risk