Data - Documents

Digital Transformation - Archives

Corinna Turbes writes about the new guidance for open by default data (text below):

"Making data open by default is not a straightforward proposition. Not only does it does it raise technological and policy-focused questions, it requires a meaningful culture shift.

Today, OMB (Office of Management and Budget in the US) released long waited guidance on open-by-default data. My initial thoughts are here on the latest from Data Foundation."

"On January 15, 2025, the White House Office of Management and Budget (OMB) issued comprehensive guidance for implementing the OPEN Government Data Act, Title II of the Foundations for Evidence-Based Policymaking Act (Evidence Act). Six years after the passage of the Evidence Act, OMB’s guidance outlines a new framework for federal agencies to manage and share their data assets, providing concrete steps agencies must take to make their data open and accessible while protecting privacy and security – a balance that is crucial for effective governance in our digital age.

What's Changing?

At its core, the new guidance clarifies the expectation that federal data should be "open by default," as established by the Evidence Act in January 2019. "Open by default" means agencies must maintain their data assets in open, machine-readable formats and make open data assets publicly available unless there are specific reasons – such as privacy concerns or national security – not to do so.

While the memo establishes a clear presumption of openness, it also recognizes that agencies must carefully balance transparency with privacy protection and security. The guidance emphasizes that when there is uncertainty, openness should generally prevail. Agencies are instructed to thoughtfully weigh potential risks of releasing data against the public interest in access. If this assessment is unclear, the default should be to share the data rather than withhold it. The memo even encourages agencies to consider employing statistical disclosure limitation techniques that can enable the release of data with potentially sensitive elements, instead of keeping that data completely closed off.

However, the guidance distinguishes between full public dissemination of data assets through the Federal Data Catalog versus other forms of more limited data sharing. It acknowledges that not all data assets designated as "public" are appropriate for complete, unrestricted release online. Agencies must rigorously evaluate each data asset, factoring in considerations like individual privacy, national security, and other protected classes of information. When full public release is not suitable, agencies should still seek to provide alternative means of access for appropriate users. The memo lays out the process agencies should follow when deciding to place restrictions on the public availability of their data assets, which includes engaging other federal leaders and experts around privacy, confidentiality and data sensitivity to inform those decisions.

OMB’s memo provides guidance on certain key activities and introduces several new requirements. Highlights include:

• Agencies must develop comprehensive data inventories that catalog all their data assets. These inventories must follow standardized metadata requirements, making it easier to understand what data exists across government and how it can be used, and be interoperable with the Federal Data Catalog.

• Agencies must create open data plans that explain how they will make their data accessible and usable. These plans need to include specific processes for collecting data in open formats, analyzing how people use the data, engaging with the public about their data needs, and processes for evaluating and updating the plan. Agencies will designate an open data plan point of contact to lead engagement efforts with data users.

• The guidance reinforces the Federal Data Catalog as a central access point for government data, with clear processes for evaluating which datasets should be made public. OMB also outlines considerations for conducting a risk assessment to determine if data assets are appropriate to be shared with the Federal Data Catalog, offering guidance on what specific concerns outweigh the presumption of openness, such as national security risks, information security concerns, privacy and confidential issues, intellectual property restrictions, and contractual agreements.

Three Critical Implications

OMB's long-awaited guidance has the potential to significantly change how the federal government approaches the use of government data. This memo triggers three major shifts that flow directly from its key provisions:

1. A Major Shift in Federal Data Governance:

This memo signifies a fundamental transformation in how the federal government approaches data management and sharing. By providing comprehensive guidance on implementing the OPEN Government Data Act and establishing clear requirements for agencies to make their data assets open, machine-readable, and accessible by default, it creates new opportunities to advance evidence-based policymaking. At the same time, it necessitates careful attention to privacy, security, and responsible data sharing practices to ensure data is opened up responsibly.

This guidance operationalizes the open data principles in the Evidence Act in ways that could dramatically expand the availability and usability of government data for evidence-building, while still providing a framework for responsible sharing. That's a major shift from the pre-guidance status quo, where agencies lacked clarity on how to implement the Evidence Act's open data goals.

2. A Growing Spotlight on CDOs

The memo explicitly assigns responsibilities of implementing this guidance to agency Chief Data Officers (CDOs). While this guidance answers an ever-growing call from CDOs needing clarity and guidance for their official roles and responsibilities related to open data in their agencies, CDOs continue to point to limited resources and staff capacity. Though OMB elevates the importance of data leadership, the requirements included in the new guidance raises questions about whether CDOs have the resources and organizational support needed to fulfill these expanded responsibilities.

These are substantial responsibilities that will require extensive coordination across each agency. CDOs will also have to garner support and resources from agency leadership and agency components to fulfill this role – which could be challenging given the constraints many CDOs already face. The memo elevates CDOs as key leaders in this domain, but ensuring they have the organizational capacity and backing to succeed will be critical.

3. A Push Towards Coordinated Data

And finally, the guidance takes concrete steps toward better coordination of federal data assets. Through standardized metadata requirements, a unified Federal Data Catalog, and clear processes for data release, OMB’s guidance creates a framework for treating federal data as a strategic national asset rather than a collection of isolated agency resources. Rather than CDOs’ taking initiative within their respective agencies, OMB’s leadership provides critical coordination and guidance to ensure CDOs are well-equipped to carry out their statutory duties to manage federal data assets.

Looking Ahead

While this guidance represents significant progress, implementation will require addressing persistent challenges. Agencies will need to improve data quality, ensure systems are interoperable, protect privacy while promoting access, and build the organizational and technical capacity to manage data effectively.

The success of this initiative will depend not just on technical solutions, but on cultural change within agencies and sustained commitment from leadership. As agencies work to implement these requirements over the next two years, the data policy community will need to closely monitor progress and continue advocating for the resources and support needed to realize the full potential of open government data.

The Data Foundation will be following developments related to OMB’s Title II guidance closely and providing additional analysis as agencies begin implementing these new requirements. In the meantime, we encourage those interested in learning more to review the full guidance and share their thoughts on how it might impact their work with federal data."

Data - Documents

Digital Transformation - Archives

Higenyi Simon writes about The General Data Protection Regulation (GDPR): Complete text and collateral here

The GDPR Ripple Effect: Beyond Europe, Into the Future of Law 🌍

The General Data Protection Regulation (GDPR), it’s more than just a European privacy law. It's a global paradigm shift, a blueprint for the ethical and responsible handling of personal data in the digital age. But its influence stretches far beyond the EU's borders.

🌍 Where Does GDPR Reach?

While born in the EU, GDPR's reach is global. It applies to ANY organization that processes the personal data of individuals within the EU, regardless of where the organization is based. This means companies worldwide - from your local coffee shop with an online ordering system to tech giants in Silicon Valley, need to be GDPR-compliant if they engage with EU citizens.

🔐 GDPR isn't just about consent checkboxes. It enshrines: Data Minimization, Purpose Limitation, Transparency, Data Subject Rights: Access, rectification, erasure ('right to be forgotten'), portability, and objection, Accountability.

🤯 The Ripple Effect on Other Nations

GDPR has sparked a wave of similar legislation globally:

🇨🇦 PIPEDA (Canada)

🇧🇷 LGPD (Brazil)

🇺🇸 CCPA/CPRA (California, USA)

🇮🇳 DPDP (India)

🇦🇺 Privacy Act (Australia)

Many jurisdictions have learned from GDPR, integrating its robust principles into their own frameworks, establishing a growing global convergence on data protection. This is about more than compliance; it's about establishing global norms of digital responsibility.

🤖 GDPR's Modern Challenges & Opportunities

Artificial Intelligence (AI): GDPR's principles (transparency, fairness) are crucial for regulating AI. We need AI systems that are not just powerful but also accountable and ethical. This is critical in preventing discriminatory algorithms and ensuring algorithmic justice.

Tech: GDPR places significant responsibilities on tech companies, especially those dealing with large datasets. It pushes them to build privacy-by-design, and to handle data more responsibly.

Intellectual Property (IP): Data as a commodity raises complex questions about ownership and control. How does GDPR impact IP rights when dealing with data-driven innovations? The interplay between data privacy and IP is a critical area of legal evolution.

Corporate & Commercial Law: GDPR influences contracts, due diligence, and M&A. Companies now need to consider the GDPR impact of their transactions, and develop robust data protection and compliance programs.

⚖️ The Bigger Picture

GDPR isn't just a legal framework; it's a value statement. It asserts that individuals have fundamental rights over their personal data in the digital realm. It's a call for greater transparency, accountability, and ethical conduct from all organizations. It's also influencing the legal and business landscape of other sectors and has a profound influence on the digital economy.