Book Club: "Global Digital Data Governance: Polycentric Perspectives"

Last week I started reading the newly released Global Digital Data Governance: Polycentric Perspectives which was released as an open access book in January. I learned about the book from the BlockChainGov Discord in the #polycentricity-and-pluralism channel (link) where there is discussion of coordi-nations and lots of resource sharing.

Anyways, I am a few chapters in and so far it is really good. They are applying Ostrom’s work to data governance, and at least the initial chapters lay the ground work for polycentric governance.

I have previously written about going “beyond the centralization-decentralization dichotomy” and the way through is obviously :wink: polycentrism. So this book is very relevant to us.

I have decided to publish my (condensed) chapter notes here so you can follow along. The book is open access so you can download it for free (even a Kindle version!) and read along. Each chapter is available as its own paper on the book website if you want to just pick and choose. Many of these chapters were presented as papers at the Internet Governance Forum in 2022.

Ask questions, read and add your own comments, or add other references as you like.

Each chapter will be a separate comment below which you can comment on. Here is the TOC for your reference:

Ch 1: Introduction: Polycentric Perspectives on Digital Data Governance

  • access to data asymmetric. Governance over data evades democratic accountability
  • why polycentric? → data space is interdisciplinary and transscalar
  • four important properties:
    1. regulatory processes are “transscalar” and “transsectoral”
    2. encompass both formal measures and informal practices
      • rules can take the form of laws, standards, benchmarks, recommendations, general principles, and norms
      • Governance thereby has a broader scope than government
    3. polycentric governance can involve more systemic ordering of a policy field (e.g., of digital data) through macro structures (capitalism, a hegemonic state, militarism, patriarchy, etc)
    4. complex interrelations among the many regulatory actors and multiple ruling structures can generate considerable dynamism and change
  • thus, contributors to the book from anthropology, computer science, international relations, law, political economy, and political science.
  • The book also lays ground for critical discussions about power asymmetries, (global) democracy in the digital realm, and legitimate governance of digital data.

Ch 2: Nudging the Ostroms’ Vision of the Commons on Polycentric Governance into the Digital Environment

  • asking: when can we use the property regime as a major attribute, and when is something different necessary?
  • polycentric (multi-centered) governance a multi-level, multi-purpose, multi-functional, and multi-sectoral model
  • What is it that makes polycentric systems so special?
    • spontaneous self-correction
    • self-organization
    • interaction among diverse stakeholders
  • the degree of polycentricity of governmental arrangements is impacted by the polycentricity of political processes and judicial affairs, and vice versa
  • the right kinds of overlappability
    • ==Note: What are we missing in in internet gov?==
  • more than eighty-five percent of U.S. critical infrastructure providers are private firms
  • gives some examples of polycentric and multistakeholder initiatives
  • uses “Actions Arenas” from IAD (Institutional analysis and development framework - Wikipedia)
  • Hess and Ostrom viewed information as a common pool resource… although departure from the Ostrom model may be necessary.
  • apply lessons from polycentricity to empower diverse multi-stakeholder communities.

Ch 3: Internet Interoperability and Polycentric Attributes in Global Digital Data Ordering

  • the chapter aims to bring in a more nuanced formulation of the issue of Internet fragmentation and digital data governance
  • critically examine the attributes of polycentric governance
  • increasingly regulated by national authorities in the areas of competition, data protection, elections, intellectual property, law enforcement, and human rights, to name just a few of the different centres of authority, yet with limited power over the scope, scale, and capacity to enforce these measures.
  • some old IR scholarship on the topic (Nye!)
  • The Internet can be conceptualized as an infrastructure for innovation
  • Seven attributes of polycentric governance: transscalar, transsectoral, diffusion, fluidity, overlapping mandates, ambiguous hierarchies, and no final arbiters
    1. Transscalarity is a key feature for the development of ‘global markets’ and ‘global audiences’ for digital services
      • tampered with by copyright regimes, data protection, etc. Christchurch Call cited as an example
    2. transsectoral = multistakeholder. three major actors that have been traditionally involved in these arrangements: states, companies, and the technical Internet community
    3. Diffusion entails scattered authority. counter-example is the Internet’s cloud design, which marks a centralized approach.
      • While the power might not be concentrated, a state actor can use existing norms and regulatory power to affect communications infrastructure with a greater effect than other private sector or civic actors. (internet shutdowns)
    4. Fluidity = continual appearance of new organizations, working groups, regulatory frameworks, and practices: from sociotechnical instruments, to governmental policies, to multistakeholder platforms,
    5. overlapping mandates. Various examples in this section. Note, data flows are not for one purpose and that they change depending on what type of data it is
    6. ambiguous hierarchies = pre-existing laws, conventions, frameworks, norms, and technical protocols for data… which institution should be responsible?
    7. no final arbiter = a recursive device that cuts across the previous six.
  • systemic ordering forces
    • norms
    • practices
    • underlying structures (the most invisible)
  • Economic and political power are centralizing

Ch 4: The Challenges of Governance in a Datascape: Theorizing the Role of Non-extractive Methodologies in the 2030 Agenda

  • the 2030 Agenda, “datafication”, and citizens participation
  • data have for a long time been used to exert power and control over societies
  • stresses the importance of both seeing with data and of thinking of who is made visible in the datascape.
  • ‘how many resources are being diverted for producing data that are not for action?’
  • in the 2030 Agenda datascape, issues of interoperability rather than relationality tend to be prioritized.
  • The most important act, then, is understanding that what is missing was not accidentally forgotten, but purposefully hidden. aka ‘absent data’
  • ‘who is benefitting from these voids? What are the political and economic interests behind these?’.
  • poverty of data, in every sense, is rarely accidental.
  • ‘practices of authorized seeing’ {very striking term - CK}
  • Highlighting and filling out the blanks… in the fight for social justice … has been a flagship of citizen-generated data. (CGD)
  • includes examples of orgs engaged in CGD
  • We believe that the CGD movement is highly supported by two main ideas: the first being that data is the lingua franca for 21st-century public policy, that is, a common ground in which different actors can interact; the second being that it is possible for marginalized groups to take a chair at the negotiation table as long as they learn how to communicate in this language.
  • NSOs would say to CGD activists that ‘their data was not good enough’, something to which they would reply with ‘and yours are not useful enough’.

Ch 5: Grassroots Data Activism and Polycentric Governance: Perspectives from the Margins

  • data activism practices enable novel avenues for citizen data sharing and digital commons.
  • ‘algorithmic coloniality’
  • facilitate the reproduction of the ‘hierarchies of race, gender and geopolitics’ that served to actuate colonial control
  • examples like Ushahidi, Mexico, WhatsApp in African countries
  • Over the past decade, the number of African countries with data privacy laws has tripled. (eg Malabo Convention, African Union Convention on Cyber Security and Personal Data Protection, etc) … implementation of data privacy regulations remains uneven.
  • regional approaches to data protection policies may encourage fruitful conversations about citizens’ data rights between civil society, technology corporations, and governments.
  • At present, most African citizens are extremely limited in their ability to govern their data for the benefit of their livelihoods. {Note: Not only Africans i suspect -CK}
  • nearly 80 percent of Kenya’s population are registered mobile money account holders, only 30 percent of households have access to banking.
  • ‘open finance’—an arrangement where banks and financial service providers would be required to share consumer data among themselves and with third-party providers. … new risks to privacy.
  • ==basically this chapter shows a bunch of short comings at the edge, and indicates that polycentric gov can help==

Ch6: Questions as a Device for Data Responsibility

  • this chapter is about how to ask “responsible” questions for research
  • mostly advocates for crowd-sourcing and inclusivity “ensuring participation by design”
  • shift in research to behavioural analysis using data exhaust: “allowing researchers to wean our dependency on what people tell us and turn instead to more reliable records of what people actually do”
  • “The 100 Questions Initiative,” an effort to help determine the most important questions across a variety of fields that could be answered if data were made more readily available to trusted parties.
  • questions can serve as devices to frame problems more effectively.
  • Asking the right questions can advance the pursuit of data minimization

Ch7: Decentralized but Coordinated: Probing Polycentricity in EU Data Protection Cross-border Enforcement

  • examines how the GDPR works in different EU countries, its hierarchies of DPAs, the EDPB and the OSS
  • corresponds more to networked governance rather than polycentric governance.
    • polycentric governance features the existence of multiple centers of authority
    • networked governance emphasizes the interconnectedness and collaboration among actors
    • Multi-level governance concerns how authority is distributed vertically among different levels of government (central, regional, and local),
  • before GDPR enforcement was ‘unmanageable for companies … and an inefficient waste of resources for regulators’ a “fragmented, decentralized enforcement model”
  • “purely decentralized model emphasizes the independence and autonomy” but lacks cooperation, coordination, and consistency
  • Harmonization of procedural rules is key {something Canada also needs - CK}
    • ==NOTE: “Organizational APIs” (my term) are critical for polycentrism. This is what excites smart contract and DAO people… but it very difficult to encode (as seen in a later chapter)==
  • presents 2 case studies: Clearview AI and Meta
  • “the latest developments appear to initiate a shift from the polycentric model”… a hierarchy is forming with power residing with the EDPB. This article is a warning.

Ch8: Trade Agreements and Cross-border Disinformation: Patchwork or Polycentric?

  • use of trade agreements to prevent disinformation
  • Researchers traditionally defined disinformation as the purposeful dissemination of information designed to mislead, deceive, harm, and/ or polarize people within a country or among countries. It is not the same as misinformation, which is generally understood as the inadvertent sharing of false information that is not intended to cause harm
    • Disinformation is a form of speech
  • When data crosses borders, disinformation is best addressed collectively, in a multinational and multi-sectoral manner.
    • the free flow of data, with certain exceptions, became the default for almost every trade agreement until recently.
    • Almost every trade agreement that covers e-commerce or digital trade includes language to govern spam
    • these agreements can help nations coordinate counterweights for cross-border disinformation flows including data protection rules, content moderation and competition policies.
    • policy makers also acknowledge that nations have other important policy objectives such as preserving public order, privacy, consumer welfare, or public morals. Hence, by using the exception as justification, a nation can restrict cross-border data flows.
  • problem with trade agreements:
    • they can’t address domestic disinformation.
    • can’t use trade agreements to directly regulate the business model that underpins the problem of disinformation
  • speculation: could be part of the polycentric patchwork

Ch9: Trackers and Chasers: Governance Challenges in Disinformation Datafication

  • datafication has contributed to disinformation. This article analyzes two policy trends to fighting disinformation: regulating of microtargeting (the “trackers”) and requiring traceability (“tracers”)
    • microtargeting: eg bannig the use of targeted during elections, or limiting the types of data collected
    • traceability: require even more data collection so that the source of shared info can be traced back to a user. Examples given from India and Brazil
  • because disinformation datafication is inspired precisely by the intent to identify collective political preferences and influence speech and behavior, governance solutions that focus solely on the rights that individuals exercise over their own data are essentially limited to address the level of social risk entailed in these strategies. This is the core of the problem
    • “data subjects possess only a fraction of the interests in a certain data flow”, while data collectors are motivated to collect as much data as they can, from as many subjects as possible, so they can exploit the insights of horizontal data relations
  • data appears as both an object and a form of governance.
  • policy solutions continuously replicate individualistic understandings of privacy
  • a “horizontal relationship” in datafication, which relates data subjects to each other
  • the “vertical relationship” is the one between individual data subjects and data collectors, expressed in corporate-centered “hegemonic models” that refer data governance to the forms and mechanisms through which collectors retain control over the data they collect
    • data protection laws are often built around the “vertical relationship”… failing to acknowledge “the role that horizontal data relations play in producing social value and social risk”
    • general data protection laws are not enough to address social harm caused by disinformation.
  • ==The article basically asks: can we design a datafied system that incentivizes truth?==
    • ==this kind of talk excites lawmakers, but in my experience, freaks out technologists, especially those who work in privacy

Ch10: Privacy Governance from a Polycentric Perspective

  • this chapter examines how “privacy governance is shaped through continuous interaction between formal structures and human agency.” Making the case for more polycentric gov in the privacy space
  • the challenge:
    • Supranational, intergovernmental, and private institutions attempt to govern and influence data flows through the creation and enforcement of norms, standards, and practices
    • Commercial actors engage in the governance of both internet infrastructure and information flows through their business and operating decisions
    • technical bodies performing mundane tasks of standardizing and maintaining internet infrastructures are also recognized as spaces where governance occurs, typically outside of the purview of the state
    • power is distributed
    • currently, the governance of privacy seems to revert to two-party relationships between regulators and organizations, thus undermining privacy governance as inherently polycentric.
    • traditional and state-centric approaches to the regulation of platforms fall short in addressing concerns about private censorship, abuse of informational power, and human rights harms.
    • third-party regulation–an arrangement where an independent third party acts as a regulatory intermediary between various other actors =={Note - Opposite of Ostrom? - CK}==
  • Key insight for polycentrism: “no single actor has the knowledge necessary to solve what are now complex, dynamic, and sometimes wicked problems.” This is a very open source point of view
  • identified four groups of data protection policy instruments: transnational, legal, self-regulatory, and technological.
  • CASE STUDIES: adoption of remote learning during pandemic
    • different countries moved at different speeds
    • the individual agency of educators and hyperlocal expertise result in decisions with constitutive effects on remote learning environments.
  • we find the institutionalist approach to be overly narrow. … Combining the institutionalist and non-institutionalist perspectives allows for examining polycentric governance as a state of ordered chaos–having order without a central authority
  • Informational self-determination is the backbone of European data protection and a vital part of the American information privacy legal framework
    • emphasize privacy literacy as a mechanism through which individuals gain agency and autonomy in datafied environments
  • =={overall this article was pretty speculative. If you are into privacy, you should probably read it. There are tons of details, but not a lot of pragmatic pointers on what a real policentric gov system would look like for the “CPR” of privacy - CK}==

Ch11: Global Data Governance by Internet Interconnection

  • I enjoyed this chapter about how “the Internet’s network architecture is data governance”
  • Digital data travel through multiple protocols and pass through different networks (also referred to as Autonomous Systems, or ASes) as well as various physical media
    • 70,000 ASes
  • the Internet’s polycentric interconnection architecture both affects and is affected by data production and flows.
  • peering and transit relationships
  • IXPs and CDNs becoming a central power
  • Another key aspect of interconnection has to do with sharing routing tables. … It is in this context that the Border Gateway Protocol (BGP) has an important role.
  • The open and public Internet as an open platform in which resources are publicly shared and permissionless innovation is fostered has gradually been supplanted by proprietary (or closed) and private networks dominated by large private cloud ecosystems, operated by a few big tech companies and an array of providers offering non-public connectivity services
  • the more private Internet, in which the data distribution occurs within closed or internal networks with the massive use of Content Delivery Networks (CDNs).
  • some fascinating case studies:
    • how local ISPs can lose out (in terms of having local decision-making power) to large IXPs and CDNs. One solution is’s OpenCDN initiative.
    • Routing security: BGP susceptible to errors. Solutions include Internet Routing Registries (IRRs), BGPSEC, the Resource Public Key Infrastructure (RPKI), and the Mutually Agreed Norms for Routing Security (MANRS)
    • in both the above cases you can see how the architecture itself is a form of governance
  • data governance by Internet interconnection takes place in polycentric ways. From the choice to connect and how this interconnection takes place (peering, transit, IXP), through to the use of CDNs and arriving at issues such as the quality and reliability of the information shared by the networks in this interconnection, there are multiple actors and centres of decision-making.
  • =={the chapter breaks down the various characteristics of Polycentrism. Including:}==
    • Norms: economic growth. But when looking at IXPs, routing, CDNs, there is a need for the growth of non-market collaboration
    • Practices: NOGs (Internet Operators Groups) professional communities; multistakeholderism; use of open source tools; the idea that the more connections the better
    • Underlying Orders: embedded view that Internet governance should be something done by private entities; problem-solving through technology
  • Future research on global data governance must consider the continually changing nature of Internet interconnection.
  • the Internet has increasingly become a closed network dominate systems, with particular emphasis on the growing role of CDNs

Ch12: The Distributions of Distributed Governance: Power, Instability and Complexity in Polycentric Data Ordering

  • examines blockchain and “supposedly ‘new’ forms of ‘distributed’ digital data governance”
  • this chapter assesses patterns of continuity and change regarding two inter-related structural issues in blockchain-based ‘distributed data governance’: power concentration and instability.
  • The main argument advanced in this chapter is that distributed data governance is neither new nor devoid of the pathologies of more centralized digital data governance.
  • describes some Norms, Practices, and Underlying Orders of the blockchain space, eg
    • security through transparency
    • Bitcoin and related distributed data projects in practice mainly advance attempts at developing ‘freer’ versions of capitalism. … Supposedly 'novel, these twenty-first century projects extend the project of ‘neoliberal’ capitalist order of the late twentieth century.
  • Whoa! I hadn’t heard of this Network State precursor:

Borderless Voluntary Nations, as Bination (2017) calls for in constructing “the first ever digitally constituted nation that represents both a reputation system which is managed by an algorithm named Lucy, and a monetary system which rewards participants according to their virtuous behaviour”

  • talks about concentration of Bitcoin, CDEXs, Foundations, etc: “blockchain-based distributed data governance has remained replete with tensions between centralized institutional and behavioural practices, on the one hand, and the norms as well as discursive and material practices of distributed data governance on the other.”
  • growing attention to the environmental impacts of Bitcoin production led to the formation of a Bitcoin Mining Council. Led by two CEOs of American multinationals, Tesla’s Elon Musk and MicroStrategy’s Michael Saylor … compared to a ‘cartel’ like the Organization of Petroleum Exporting Countries (OPEC)
  • demonstrates the polycentricity of blockchain governance in a table showing Industry Associations, Internet Governance Organizations, Multinational Technology Firms, International Organizations
  • basically, this article is trying to show how the “distributed governance” of blockchain space looks a lot like the existing order.

Ch13: Polycentric Theory Diffusion and AI Governance

  • this chapter explains the attributes of polycentricity shaping the global implementation of AI technology.
  • some key insights of polycentric gov:
    • The Bloomington School explains how polycentricity has three features: (1) multiple centres of semiautonomous decision-making; (2) the existence of a single system of rules (be they institutionally or culturally enforced); and (3) the existence of a spontaneous social order as the outcome of evolutionary competition between different ideas, methods, and ways of life
      • NOTE: #2 are the “APIs” of polycentricity.
    • In polycentric governance, there is no single decision centre with ultimate authority
  • While some leading corporations have made more explicit their rules and procedures about AI, and are advocating for self-regulation, smaller organisations and individuals affected by Al technologies are excluded from central debates.
  • Developing AI demands constant data acquisition. This practice is not always aligned with and is even often in opposition to some basic principles of data governance worldwide, such as data minimisation, standardisation of the quality of data, and transparency of data use.
  • a single mistake made during development may be repeated millions of times due to automation, while no good way to trace the error data points.
  • Governing the use of personal data by Al is more than a technical or economic question; it also involves ideological competition and the negotiation of cultural interests. The fragmentation (Biermann et al. 2009) of several ideologies, such as technocracy and central planning-based forms of socialism, may reinforce the existing digital divide between and within the Global North and Global South.
    • Research shows that algorithmic fairness as understood within Western norms is not easily translated to, for example, the cultural values of people from India
    • when we accept common ethical principles such as transparency and fairness, the gap between perceptions and enforceability may increase due to the process of implementing these policies in local contexts.
  • Generally speaking, law faces enormous difficulties in Al regulation… Evidence shows that it is not easy either to translate code into law to address new social justice issues or to execute law in code to improve regulatory efficiency.
  • using code-driven automatic regulatory approaches to execute current laws does not necessarily guarantee efficiency.
    • ==NOTE: We want to prioritize justice, not efficiency, right? Both?==
  • In December 2021, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) announced a fine of € 2.75 million against the Tax and Customs Administration… [who] focused their attention on people with “a non-Western appearance,” … preventing them from claiming the childcare benefits they deserved. … Such risks can cross national boundaries due to global market forces.
  • The analysis of Lessig’s four regulatory modalities, traditional to cyberspace governance debates with the main categorisations of the Bloomington School of polycentric governance and the more fluid and global perspectives of polycentric theorising (Koinova et al. 2021), all suggest that there are many ways in which regulatory approaches can help understand AI tensions by stressing the sources of power that shape these debates.

Ch14: Conclusion

  • three main contributions of the book:
    1. bringing polycentric perspectives
    2. underline power hierarchies
    3. promote policy diversity in the practice of digital data governance.
  • governance of digital data is not so horizontal and flat as some interpretations of polycentrism might suggest
  • does not mean that it lacks power hierarchies
  • This volume has repeatedly shone a spotlight on the ubiquity of power hierarchies through polycentric perspectives on the governance of digital data.
  • four avenues for future work, related respectively to multistakeholderism, sociological theory, temporality, and normative concerns.
  • probe the relationship between polycentrism and multistakeholder initiatives.
    • multistakeholderism involves a multiplicity of constituencies within a single regulatory institution.
    • how polycentrism and growing multistakeholderism might be mutually reinforcing trends.

Chad’s Concluding Comments

This collection of papers lays down some of the fundamentals of polycentric governance, and his heavily influenced by Ostrom’s work, which we read before, and the Bloomington School of Institutional Analysis, associated with the Ostrom Workshop at Indiana University. Some of the papers are more speculative, trying to relate a specific domain to polycentricity, and others are a bit more practical.

I included various quotes and points and =={some of my own commentary}== to help you make a decision whether a specific chapter is worth reading. My personal interest is in the principles of polycentric governance as we try and build our own movements for the management of open source protocols — and the open web itself — so I found the initial three chapters as well as Ch 11 the most useful for my needs. The focus of the book is on the Data Governance, so it is helpful to have solid examples in learning about the characteristics and principles of polycentric governance, but I was looking for something a bit more pragmatic. This is an emerging field of thought, so many of the papers were speculative… trying to theorize specific cases. Since many of the papers had the same foundational citations, I have gathered them below to explore as next steps.

Hopefully this was helpful to someone else out there.

Selected resources for follow up

It’s Ordered Chaos: What Really Makes Polycentrism Work
Maria Koinova, Maryam Zarnegar Deloffre, Frank Gadinger, Zeynep Sahin Mencutek, Jan Aart Scholte, Jens Steffek
International Studies Review, Volume 23, Issue 4, December 2021, Pages 1988–2018, 19 October 2021

The metagovernance of internet governance
Niels ten Oever
Power and Authority in Internet Governance (pp.56-75) January 2021

Beyond Institutionalism: Toward a Transformed Global Governance Theory.
Scholte, Jan Aart.
International Theory, Volume 13, Issue 1, March 2021, pp. 179 - 191

Polycentrism: How Governing Works Today
Gadinger, Frank, and Jan Aart Scholte (eds),
Oxford, 2023; online edn, Oxford Academic, 22 June 2023),