In Emerging Economies, Data Protection Starts with Building Secure Infrastructure. This Is How to Get There

Billboard for FreeBasics, a service from Facebook.
A billboard for Free Basics, a service from Facebook, along a street in Abuja, Nigeria. Afolabi Sotunde/Reuters

Finding the bridge between universal access and data empowerment. Originally posted on on 13 August 2018.

By Jonathan Dolan, Kay McGowan, and Priya Vora of Future State

More than 4bn people worldwide don’t have access to the internet. Gaining access to the knowledge and services the internet provides is a critical target enshrined as United Nations sustainable development goal. Yet, too often conversations about universal internet access have been binary due to a strict focus on those who have access and those that don’t.

A comprehensive debate should take into account the quality of internet access, the benefits of greater broadband access and data security for individuals. In fact, decisions made by corporate entities licensed to build internet infrastructure could be jeopardizing the safety of the content transmitted over that infrastructure and negatively impacting efforts to leverage data as a tool for individual empowerment.

The financiers and licensing organizations behind broadband expansion — namely governments and multilateral development banks — should actively support broadband expansion while also promoting network security and standards for individual data protection. This begins with recognition of how fiber networks serve as an ideal vehicles — whether unintentionally or intentionally — for injecting malware or extract network data.

Conversely, those concerned with individual rights in the digital age — issues related to how data is protected, how online information can be trusted, and how digital footprints can be leveraged by individuals to access new, life-enhancing services — must not take for granted that access is available to all or that all networks are equal in supporting their goals.

If the efforts of those guiding broadband investments and advocating for data security cannot be aligned in short order, trust in the internet among those coming online for the first time will be eroded. Thus, space for malicious actors in the very markets the universal access initiatives are seeking to empower will open. We offer three recommendations for solving this challenge.

Standardize due diligence processes for broadband expansion investments that include data protection requirements

Major financiers of broadband such as the World Bank and governments need to be intentional in supporting networks that are safe and inclusive. The first step in bridging access and data governance agendas is the creation of standard due diligence processes for choosing vendors and developing procurement processes that enable network expansion while also supporting stronger data protection regimes and clear hardware specifications.

Large-scale financing efforts for broadband often select vendors primarily based on cost. In the worst situations, political interests also come factor in the way that broadband efforts are designed around the narrow economic interests of the incumbent provider. Vendor selection processes rarely takes into account network security.

There are a number of internationally agreed upon principles that speak to data privacy and security, others that speak to citizens’ data rights, and still others that speak to affordability and network reliability. The next step is for a multi-stakeholder group, which may include multilateral development banks, other donors, and governments, to convert these principles into a common set of specific, actionable, and enforceable standards for procuring network infrastructure. Once such standards are developed, financiers and regulators can spot audit vendors to ensure compliance with these standards.

Incentivize market competition and diversification

While standard due diligence and procurement processes are a natural jumping off point for inclusive and secure network investments, alone they will make only a marginal difference if emerging market governments have limited choice in vendors. Increasingly emerging market governments are turning to state-controlled companies that offer subsidized loans to build out their broadband networks with their equipment.

This is an understandable choice. Chinese firms, for example, are often competitive on cost, and alternatives sometimes don’t exist at all. As Steve Song, the founder of Village Telco, notes in a report on African telecom infrastructures, “The development of terrestrial fibre optic infrastructure on the [African] continent continues apace with the Chinese government, the World Bank and the African Development Bank leading as the principal financiers of these networks. Huawei continues to dominate the terrestrial fibre business in Africa. No other name is seen remotely as often as theirs linked to the construction of a terrestrial fibre network on the continent.”

The choice to prioritize near-term economic gain increases risks to network reliability and security due to equipment quality and close ties the foreign government building the network. Additionally, this choice is leading to single-source agreements to build national telecommunications infrastructure. The fact that most commercial entities view emerging markets as inherently risky only compounds the problem of vendor choice.

Donors have the tools to incentivize new market entrants to opt for less risky commercial investments but such measures have been used too infrequently to support equitable broadband infrastructure build out. Donor tools include direct co-financing of infrastructure to assume some risk in the markets private actors would otherwise avoid, creative solutions for unlocking commercial financing through loan guarantees and other risk-sharing facilities, capacity building to support stronger and more independent regulatory bodies, and policy levers to promote more open and competitive markets. Paired with strong due diligence processes and procurement standards, these tools will support the expansion of secure broadband networks.

Develop policies for data rights and governance with clear enforcement mechanisms

As Future State has suggested in previous pieces, there is a fleeting moment of opportunity right now for emerging markets to develop their strategic positions on data rights and data governance. It’s far easier to establish policies and systems before economies are digitized and platform businesses are entrenched.

In developing a stance towards data, we encourage a national approach to data privacy that gives due consideration to the types of data that are deemed sensitive/personal, matters of jurisdiction, and other matters that, if not fully defined, may make it difficult to ensure that foreign-owned entities (such as equipment manufacturers) and foreign processing of data is explicitly addressed.

India’s Srikrishna Committee on Data Privacy offers a useful set of considerations in establishing de novo data privacy legislation. Further to establishing policies, it is critical to create supervisory capabilities and enforcement mechanisms to ensure any breach of policies can be detected and addressed, including data sharing via network infrastructure.

Jonathan is an advisor to Future State. Priya and Kay are co-founders. Future State is an entrepreneurial effort supported by the Rockefeller Foundation to advance inclusive and equitable digital economies.