The Unknowns, Geopolitics, and Vagueness Around Data Governance

Lately, all I hear is talk about data governance, as if the act of discussing it will automatically create clarity, rather than forcing us to confront the hard choices about how data flows, who controls it, and what it enables. One thing is clear: everyone talks about it, but almost no one is actually trying to define what it really means. In workshops, boardrooms, and conferences, the term is thrown around as if everyone agrees on what it means — but they don’t. Instead, it has been elevated into a political issue, a high-level debate about sovereignty, regulation, and control. This politicisation inevitably clouts discussions and risks subverting some of the most important concepts about data itself.

And yet, we cannot afford to ignore the stakes. Data is not merely an operational input or a corporate asset; it is the very lifeblood of the Internet. Every interaction online—every search, click, like, or transaction—creates a trail of information that fuels platforms, drives innovation, and sustains ecosystems. Without continuous flows of data, the Internet as we know it would grind to a halt: social networks could not connect billions of users, e-commerce platforms could not optimize supply chains, and content recommendation engines could not personalize experiences. In short, the Internet is alive only because data circulates through it.

Artificial intelligence exemplifies this dependence most clearly. AI does not exist in isolation; it is a reflection of the data it consumes. A language model, a recommendation engine, or a predictive maintenance system is only as intelligent as the underlying datasets that train it. Sparse, biased, or low-quality data produces poor outcomes, while abundant, diverse, and well-curated data unlocks potential.

Consider large language models like GPT or image generation systems like DALL·E: their performance, nuance, and usefulness scale directly with the volume, diversity, and quality of the data ingested. These models rely on massive datasets containing text, images, and other structured or unstructured information to learn patterns, correlations, and semantic relationships. Every insight, every automation, every predictive signal is inseparable from the underlying data that fuels it. For example, in natural language processing, a model’s ability to generate coherent and contextually appropriate responses depends not just on the quantity of text it sees, but on the richness of linguistic structures, idioms, and domain-specific knowledge embedded in that data. Similarly, image generation models learn to capture style, composition, and context by analyzing millions of examples. Sparse, biased, or low-quality datasets produce outputs that are inaccurate, skewed, or unreliable.
AI is not merely “software”; it is data operationalized. The algorithms themselves define how patterns are extracted, but without high-quality data, even the most sophisticated architecture fails. Preprocessing, normalization, and annotation further shape the model’s capabilities, ensuring that the raw data is structured and labeled in a way that the model can learn from. Data determines everything from generalization and robustness to fairness and ethical alignment. In essence, the model is a reflection of the data it consumes — without it, AI is inert code; with it, AI becomes actionable intelligence capable of transforming industries

Data is also the foundation of modern economic value, but it has become highly commodified, turning personal behaviors, interactions, and content into tradable assets. Platforms like Google, Amazon, and TikTok generate billions not simply because of their technology, but because of the continuous extraction and monetization of this data. Every recommendation, ad placement, or search ranking relies on patterns discovered in historical data — patterns derived from real people’s lives. Governments’ drive to govern data is understandable, given its immense economic and strategic value, but there is a risk that this focus on control reduces complex social and ethical questions to questions of ownership and access. Treating data merely as an economic asset can obscure the broader consequences: who benefits, who is surveilled, and whether restricting or centralising data flows may hinder innovation and the public good

At the same time, the social and ethical stakes are enormous. AI systems trained on biased, incomplete, or unrepresentative datasets can unintentionally amplify inequality, reinforce stereotypes, or spread misinformation. For instance, facial recognition models have historically misidentified people of color at higher rates due to underrepresentation in training data, while predictive policing algorithms have disproportionately targeted marginalised communities by relying on biased historical crime records. Limiting access to data too aggressively, however, can be equally harmful. In healthcare, restrictive interpretations of privacy laws may prevent researchers from accessing enough patient data to train models capable of detecting rare diseases or predicting epidemics. In climate modeling, the inability to integrate comprehensive environmental datasets can reduce the accuracy of predictions critical for policy and disaster response. Even in industrial applications, overly constrained datasets can stifle innovation in AI-driven logistics, manufacturing, and energy efficiency.
Proper governance must therefore strike a delicate balance. It is not enough to protect privacy or enforce sovereignty — governance must ensure that data remains accessible in controlled, ethical ways that maintain public trust while fueling innovation. This involves technical safeguards such as differential privacy, federated learning, and secure multi-party computation, alongside clear legal frameworks and transparent policies. Without this balance, society risks both ethical harm from biased or misused AI and stagnation in areas where data-driven solutions could deliver enormous social value.

Beyond the “New Oil” Myth

For years, the cliché “data is the new oil” has dominated discussions. At first glance, it seemed to explain why data was so valuable. But the comparison is outdated and misleading. Oil is finite, consumed when used, and traded as a commodity. Data is infinite, copied and recombined endlessly, and its value depends on context, quality, and consent.

Clinging to the oil metaphor reinforces a false premise: that data is simply a resource to be mined. In reality, it is relational, networked, and generative. Misunderstanding this leads to governance debates that miss the point: it’s not only about restricting or controlling data, but about understanding the systems it powers — the Internet itself and the AI systems increasingly shaping economies, societies, and daily life.

The geopolitical dimension of data governance is easy to see. In India, for example, a 2018 directive required all payments data to be stored within the country. On paper, this protects privacy. In practice, it strengthens domestic control and shifts economic power. Similarly, China’s Cybersecurity Law and Data Security Law enforce local storage and strict oversight, creating barriers for foreign companies operating in the market. Tesla, for instance, had to build local data centers in China to store car data domestically — a vivid reminder that data has become a national strategic asset.

The European Union takes a different approach, emphasizing privacy and individual rights. GDPR is already a model for privacy regulation globally, and initiatives like Gaia-X aim to create a more sovereign cloud ecosystem. But even here, uncertainty abounds: will this lead to transparency and interoperability, or will it fragment the global digital economy further?

For companies operating across borders, compliance is not a checklist; it’s a moving target. A practice acceptable in Berlin may be illegal in Bangalore. Rules shift, interpretations change, and geopolitical pressures amplify the ambiguity.

The Vagueness Problem

Even without politics, data governance suffers from a lack of clarity. Terms like “personal data” or “sensitive data” vary across regions, creating practical challenges. GDPR defines personal data expansively, while U.S. states have different thresholds. Some Asian jurisdictions exclude work-related emails. Sensitive data might include health records in one region, geolocation in another, or political opinions somewhere else entirely.

This vagueness is more than an academic problem. Apple’s delayed rollout of a child-protection scanning feature in 2021 highlighted the tension between privacy, regulatory interpretation, and public opinion. The company had intended to scan photos locally for illegal content, but privacy advocates argued the method blurred lines between personal and sensitive data. Apple paused the rollout — a clear illustration that vague definitions create uncertainty and slow progress.

Emerging Technologies, Emerging Unknowns
 
AI and other emerging technologies add complexity. Large language models, image generators, and other AI systems are data-hungry. Every model depends on vast datasets to learn, adapt, and create value. Yet, ownership, consent, and copyright remain unsettled. Stability AI and OpenAI have faced lawsuits over training data; the courts are still catching up. Without data, AI cannot exist, but unrestricted data extraction risks ethical and legal violations.

Quantum computing looms on the horizon, threatening encryption standards that underpin data security today. Blockchain introduces a paradox: immutability versus privacy laws like Europe’s “right to be forgotten.” In each case, technology moves faster than regulation, and the gap creates uncertainty for those attempting to govern data responsibly.

It would be tempting to imagine a global data governance framework, but competing priorities make this unlikely. The U.S. emphasizes innovation and market growth. The EU emphasizes privacy and human rights. China emphasizes state control. India seeks a balance between growth and sovereignty. These differing philosophies make consensus improbable.

Companies are improvising. TikTok, for instance, launched “Project Texas” to store U.S. user data domestically, hoping to satisfy regulators while maintaining global operations. Such solutions are temporary and reactive, highlighting the absence of a universally agreed framework for governing data responsibly.

Living with the Grey

Here’s the reality I keep coming back to: we cannot wait for perfect clarity. Data governance will remain ambiguous as law, technology, and politics evolve at different speeds. Organizations that thrive will embrace adaptability, embed privacy and ethics into system design, and treat governance as a living practice rather than a compliance checkbox.
At the same time, we need to move beyond abstract discussions. Though we cannot aim for an absolute definition of data governance, we can start by setting clear parameters and asking the right questions: What kinds of data use are acceptable? How do we balance access, innovation, and privacy? How can we prevent bias, exploitation, and fragmentation without stifling technological evolution? Our goal should not be a single, universally agreed definition — that is impossible — but a practical framework that addresses the legitimate concerns of data extraction and misuse while allowing systems, including AI and the Internet itself, to continue evolving safely and fairly.
We must also remember the bigger picture: data is the engine that powers the Internet and AI. Limiting it without understanding the consequences can harm innovation, connectivity, and society. Allowing unrestricted extraction without oversight risks exploitation and loss of trust. The balance is delicate, and achieving it requires more than political posturing; it requires careful thinking, experimentation, and humility.
Data governance is no longer a back-office concern. It is a front-page, global challenge, touching politics, technology, law, and ethics. It is both vital and vague. The unknowns are multiplying: AI depends on data to function, quantum computing threatens security, and governments assert sovereignty over digital assets.
Yet in this uncertainty lies opportunity. Organizations that accept complexity, act transparently, and embed ethics into governance practices will not just survive — they will help shape the future of the digital world.
I’ve heard countless conversations about data governance, but until we stop talking past each other and start defining the parameters, asking the right questions, and building practical frameworks, we risk letting political agendas and vague laws subvert the very systems and innovations we aim to protect.
Data governance is about power, trust, and the future of the Internet and AI. It’s too important to leave undefined.