“The more data you have, the more important data governance becomes. Just like accessibility, however, governance is a problem that scales; more data equates to a greater number of data policies that need to be developed, enacted, and checked.”
About a year ago now, I penned an article looking at the key data trends for 2023. In it, I used the point above to highlight the growing importance of computational governance. Twelve months on, I think the need for organisations to embrace the potential of that approach has never been greater. Before we look at why that is, though, let me give you a brief refresher on what computational governance actually is.
For just about any organisation that deals with data at scale, governance of that information is now a critical issue. Legislation including the EU’s Data Governance Act and the UK’s Data Protection Act has introduced severe financial penalties (and even criminal charges) for non-compliance, providing additional motivation for organisations to put adequate controls in place.
What those controls look like can vary from organisation to organisation, with everything from the type of data in question and its point of origin through to its end use having an impact on how it is handled. At the same time, most data governance policies revolve around three key issues:
While these questions may sound simple enough on the surface, they can actually be incredibly complex. In a large organisation, for instance, how would you know that a data governance policy was being followed? How would you know if it wasn’t? If it wasn’t, how soon would you know? Would you be able to explain why the policy hadn’t been followed? Could you have prevented it from being breached? If so, how?
This is where the idea of computational governance comes in. Through a combination of data analytics and machine learning algorithms, the theory is that key data governance challenges can be automated – with policies both created and enforced via the use of artificial intelligence (AI).
Like many other tasks that can be augmented through AI, computational governance could deliver a wide range of benefits to organisations that adopt it, with some of the most appealing being its:
While the opportunities presented by computational governance might be clear, deciding on the best way to approach it is a little more complex. Even within the data science industry, where data management is a subject of the utmost importance, there are differing opinions about how computational governance should be employed. Broadly speaking, though, people tend to follow one of two distinct schools of thought.
The first of those is a technology-centric perspective, something that is common among enterprise architects. Naturally, this group tends to focus on computational governance as a development-related challenge, a puzzle to which software and applications are the solution. The key principle here is that, by embedding various parameters in at the software layer, you can establish the precise controls over data that you need.
If this sounds rather like an evolution of existing approaches to security – and the kind of policies that get built into email clients and the like – then that’s because the overarching concept is indeed very similar. It’s also quite easy to understand how that kind of model might work, with different permissions allocated to different groups based on the role they play in relation to a dataset.
On the other side, data practitioners – who have worked with data sets (and, for me, specifically personal and retail data) for many years – may focus on different issues. From our point of view, the biggest challenge regarding computational governance isn’t at the technological level, but the reality of how permissions are gained from data subjects such as retail customers, and the realities of how their data can be used.
This is inherently complex territory. Not only are there many upfront variables to consider, but the situation is also constantly evolving. Privacy notices can change, laws can shift, and even subtle alterations to terminology can mean the way you handle data today might look very different tomorrow. Even for something as innocuous as insight-gathering, that can lead to difficult questions about whether certain types of data can still be used.
A major issue here is that retailers – and indeed, most organisations – don’t tend to have a standard approach to data collection and use. As a result, no matter how good your technology-driven rules and parameters may be, computational governance is still extremely difficult to achieve because there’s simply no universal way to apply those controls.
Imagine an organisation that has a website, a loyalty programme app, and in-store self-checkouts, for instance. All three of these touchpoints could be requesting the same information from an individual, but each with slightly different use cases – and therefore slightly different privacy notices and consent options as well. Even if those things are synchronised, an individual may then provide different consents at each collection point.
What results from that is contradictory data, the kind that needs complex rules that are continually maintained and refreshed to make it useable.
At present, then, the appeal of computational governance probably comes down to the number of data sources you have, the ways in which you want to use them, and whether you’re attempting to combine them with other information. Does the concept hold greater promise for those organisations that handle less data? Today, there’s a compelling argument to suggest that’s the case.
Despite that, though, and the very real obstacles outlined above, there is abundant potential here. Difficult as it may be to get right, computational governance could give organisations and individuals a whole new level of confidence about how their data is being used.
As well as helping to alleviate the compliance burden for organisations, the additional safeguards that it brings will provide new reassurances about the safe use of personal information. But the potential will only really be unlocked when we find a more consistent – and simpler – way to collect individuals' data in the first place.
A look at dunnhumby’s unique Customer Data Science, which is at the core of everything we do.
Combining the latest techniques, algorithms, processes and applicationsUnlock the value of your data assets
Govern data more effectively and manage risk confidentlyCookie | Description |
---|---|
cli_user_preference | The cookie is set by the GDPR Cookie Consent plugin and is used to store the yes/no selection the consent given for cookie usage. It does not store any personal data. |
cookielawinfo-checkbox-advertisement | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category . |
cookielawinfo-checkbox-necessary | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
CookieLawInfoConsent | The cookie is set by the GDPR Cookie Consent plugin and is used to store the summary of the consent given for cookie usage. It does not store any personal data. |
viewed_cookie_policy | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
wsaffinity | Set by the dunnhumby website, that allows all subsequent traffic and requests from an initial client session to be passed to the same server in the pool. Session affinity is also referred to as session persistence, server affinity, server persistence, or server sticky. |
Cookie | Description |
---|---|
wordpress_test_cookie | WordPress cookie to read if cookies can be placed, and lasts for the session. |
wp_lang | This cookie is used to remember the language chosen by the user while browsing. |
Cookie | Description |
---|---|
CONSENT | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
vuid | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website. |
_ga | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
_gat_gtag_UA_* | This cookie is installed by Google Analytics to store the website's unique user ID. |
_ga_* | Set by Google Analytics to persist session state. |
_gid | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
_hjSessionUser_{site_id} | This cookie is set by the provider Hotjar to store a unique user ID for session tracking and analytics purposes. |
_hjSession_{site_id} | This cookie is set by the provider Hotjar to store a unique session ID, enabling session recording and behavior analysis. |
_hp2_id_* | This cookie is set by the provider Hotjar to store a unique visitor identifier for tracking user behavior and session information. |
_hp2_props.* | This cookie is set by the provider Hotjar to store user properties and session information for behavior analysis and insights. |
_hp2_ses_props.* | This cookie is set by the provider Hotjar to store session-specific properties and data for tracking user behavior during a session. |
_lfa | This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address. |
Cookie | Description |
---|---|
aam_uuid | Set by LinkedIn, for ID sync for Adobe Audience Manager. |
AEC | Set by Google, ‘AEC’ cookies ensure that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge. |
AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg | Set by LinkedIn, indicates the start of a session for Adobe Experience Cloud. |
AMCV_14215E3D5995C57C0A495C55%40AdobeOrg | Set by LinkedIn, Unique Identifier for Adobe Experience Cloud. |
AnalyticsSyncHistory | Set by LinkedIn, used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries (which LinkedIn determines as European Union (EU), European Economic Area (EEA), and Switzerland). |
bcookie | LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognise browser ID. |
bscookie | LinkedIn sets this cookie to store performed actions on the website. |
DV | Set by Google, used for the purpose of targeted advertising, to collect information about how visitors use our site. |
ELOQUA | This cookie is set by Eloqua Marketing Automation Tool. It contains a unique identifier to recognise returning visitors and track their visit data across multiple visits and multiple OpenText Websites. This data is logged in pseudonymised form, unless a visitor provides us with their personal data through creating a profile, such as when signing up for events or for downloading information that is not available to the public. |
gpv_pn | Set by LinkedIn, used to retain and fetch previous page visited in Adobe Analytics. |
lang | Session-based cookie, set by LinkedIn, used to set default locale/language. |
lidc | LinkedIn sets the lidc cookie to facilitate data center selection. |
lidc | Set by LinkedIn, used for routing from Share buttons and ad tags. |
li_gc | Set by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes. |
li_sugr | Set by LinkedIn, used to make a probabilistic match of a user's identity outside the Designated Countries (which LinkedIn determines as European Union (EU), European Economic Area (EEA), and Switzerland). |
lms_analytics | Set by LinkedIn to identify LinkedIn Members in the Designated Countries (which LinkedIn determines as European Union (EU), European Economic Area (EEA), and Switzerland) for analytics. |
NID | Set by Google, registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads. |
OGP / OGPC | Set by Google, cookie enables the functionality of Google Maps. |
OTZ | Set by Google, used to support Google’s advertising services. This cookie is used by Google Analytics to provide an analysis of website visitors in aggregate. |
s_cc | Set by LinkedIn, used to determine if cookies are enabled for Adobe Analytics. |
s_ips | Set by LinkedIn, tracks percent of page viewed. |
s_plt | Set by LinkedIn, this cookie tracks the time that the previous page took to load. |
s_pltp | Set by LinkedIn, this cookie provides page name value (URL) for use by Adobe Analytics. |
s_ppv | Set by LinkedIn, used by Adobe Analytics to retain and fetch what percentage of a page was viewed. |
s_sq | Set by LinkedIn, used to store information about the previous link that was clicked on by the user by Adobe Analytics. |
s_tp | Set by LinkedIn, this cookie measures a visitor’s scroll activity to see how much of a page they view before moving on to another page. |
s_tslv | Set by LinkedIn, used to retain and fetch time since last visit in Adobe Analytics. |
test_cookie | Set by doubleclick.net (part of Google), the purpose of the cookie is to determine if the users' browser supports cookies. |
U | Set by LinkedIn, Browser Identifier for users outside the Designated Countries (which LinkedIn determines as European Union (EU), European Economic Area (EEA), and Switzerland). |
UserMatchHistory | LinkedIn sets this cookie for LinkedIn Ads ID syncing. |
UserMatchHistory | This cookie is used by LinkedIn Ads to help dunnhumby measure advertising performance. More information can be found in their cookie policy. |
VISITOR_INFO1_LIVE | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages. |
yt-remote-connected-devices | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
_gcl_au | Set by Google Analytics, to take information in advert clicks and store it in a 1st party cookie so that conversions can be attributed outside of the landing page. |