Big data is the foundation of growth, competition, productivity, and innovation in the 21st century. But not everyone benefits – indeed, many are harmed – unless the right policies are put into place. We’ve seen the EU take the forefront at the federal level in these matters, with GDPR. Other regions are incrementing their way toward similar versions of federal privacy and security measures.

But even while data piles up throughout the world, with business and government amassing highly detailed personal information, data governance is a growing problem. Many governments lag distressingly far behind with data governance despite grand, resource-heavy gestures toward digitization. Some of these are in the Middle East.

Data Governance in the Middle East – a Quick Background

From Qatar to the UAE and especially in the Gulf Cooperation Council (GCC), the collection of oil-exporting Arab states in the Persian Gulf, the Middle East is witnessing a strong period of growth. Digital transformation is seen as a means to economic expansion, so naturally enterprises are pushing the boundaries with data, harvesting and leveraging it to fuel growth.

In the past, data storage itself presented what amounted to automatic non-compliance with GDPR-level regulations, as there were no viable data centers located in the Middle East. Now, however, overseas companies like Microsoft and Amazon Web Services (AWS) are opening up local data centers to help enable an improved infrastructure for handling data within compliance.

But that doesn’t mean businesses and government organizations have to comply. Although there are now regional and local data centers, they’re all in the GCC, which has no overarching data protection regulation. What’s more, the Middle East is seeing a rise in cybercrime incidents with little or no headway being made to instill controls. That gives cyber criminals plenty of incentive to target countries like Saudi Arabia, the UAE, and Qatar, whose oil-rich governments have certainly had the means to implement forward-thinking data-collection initiatives.

One prime example is Saudi Arabia, whose “Vision 2030” program outlines the government’s grand digital aspirations for government services and “human capital development”.

Saudi Arabia’s Vision 2030 Outlines Impressive Digital Goals

A brief glance at King Salman’s vision for super-charging the Saudi government’s digital transformation journey leaves you with a feeling of encouragement. There are mentions of equipping government employees to operate a world-class public service, increasing employee productivity to international standards, and even “creating a stimulating workplace that embraces equal opportunity and rewards excellence”.

Thanks to a progressive e-government program, Saudi Citizens can now apply for federal jobs online, manage their passports, handle civil affairs, register their businesses, and make online payments. And looking forward, they will be able to access health care services and their children will be able to enjoy a connected school system. And here’s the icing on the cake: increased  data sharing between the public agencies who collect their data. And even more to look forward to:

“We are also supporting the wider use of online applications in government agencies, such as cloud applications, data sharing platforms and HR management systems.”

And to reassure the people of the Kingdom of Saudi Arabia that their best interests are being protected, this statement:

“We’ve committed to making our public spending radically more efficient by using our resources more effectively, and limiting waste.  We will launch the “Qawam” program as a reflection of the Qur’anic verse that calls for moderation in spending between excess and parsimony.”

Certainly applaudable but the privacy-minded among us are probably already wondering what the Vision 2030 says about data governance.

What’s in Store for Data Governance, According to Vision 2030?

Saudi Arabia’s Vision 2030 Program includes promoting a sophisticated digital infrastructure:

“We will strengthen the governance of digital transformation through a national council.”

Impressively, their goal is to bring modern telecommunications coverage and capability, including high-speed broadband, to 90 percent of densely-populated urban areas and roughly two-thirds of other urban areas. They also promise to support local investing in IT infrastructures. But is there mention of data protection? And as was pointed out earlier, they’ve also made great strides in “e-government” but is there mention of online privacy?

When I performed a site search on the official Vision 2030 website, there were no results for the word “privacy”. Let me put that in perspective for you: that’s around 80 pages of digital initiatives and not one mention of the word privacy. Equally disappointing: the section entitled “governance” does not mention data governance.

Mountains of personal data is being collected from private citizens sits in massive “piles”. What’s being done to protect it? The Kingdom does have some protections in place, but they are industry-specific or limited to covering only certain agencies within the government. It’s fragmented, nothing at the federal level.

But when even “first world” countries like the United States have trouble getting federal chief data officers in place, what can we expect from countries whose main objective is solving basic infrastructure problems?

Fragmentation Will Continue to be an Issue

Despite privacy shortcomings and lack of a clearly-outlined plan for data governance at the federal level, there’s a lot of GDPR-focused activity in the Kingdom of Saudi Arabia. That’s because at the enterprise level, compliance is a distinguishing competitive factor no matter where your company calls home – a business decision. Businesses want to comply, namely because violating GDPR means essentially shutting themselves out of the global market. If they want to do business with foreign entities and private individuals, they’ll need to institute their own stiff data governance policies, self-regulating to avoid heavy penalties for non-compliance.

Like in any country, the way of the future seems to be a close alliance between government and those who can inform federal lawmakers on protecting people’s personal information – in other words, a well-informed government is the key.

But until the ultimate authority in the Kingdom – the Royal government – leads the way with a comprehensive plan for data governance at the federal level, there will always be fragmentation. And much like other countries that lack a tough federal mandate, the players will continue to find a way to stretch the rules, ignore their obligations, exploit personal data for their own bottom lines.