Good Data Governance in the Platform Age

As more businesses turn to cloud platforms on which to build their content applications, especially as platform ecosystems evolve to encompass the best machine learning and artificial services available, what should they look for to make sure they stay on the right side of their own data governance policies and comply with regulatory mandates, such as the European Union’s General Data Protection Regulation (GDPR)?

In my MWD Advisors commentary piece on GDPR at the beginning of this year, I argued that becoming GDPR-compliant ought to ensure a company’s working practices become infused with good data governance principles — and that GDPR-compliant companies would be able to trade on the fact that they practice sound digital ethics and embrace transparency in the use of data.

Forward-thinking organizations have the opportunity to leverage these principles to help them do more with their content and data (for example, by exploiting newly affordable, best-in-class machine learning services), and do so in a demonstrably responsible way.

More Partners, Smarter Platforms, Greater Possibilities

However, if you choose to make your content work harder for you, so you can design smarter, more highly personalized applications, unless you have deep pockets and a highly-skilled army of machine learning (ML) engineers, chances are you’ll be building on a content platform and calling upon the services of big names like Amazon Web Services, Google Cloud Platform, IBM Watson or Microsoft Azure, plus any number of niche startups.

Keep Track of Your Customers’ Content

Always make sure you know where your content and data are going and where everything is being processed, to apply machine learning algorithms to it (once it leaves the confines of your own managed enterprise environment, whether that environment is on-premises or in the cloud — where it would be managed according to the terms of a service-level agreement, of course).

How is it handled in-flight? Who handles it? And how is it treated at the other end? Is it copied, shared, stored? Are your chosen third-party ML services available locally, or are you risking breaking the terms of some data geo-specificity agreement in order to extract that value and gain that advantage?

While the major cloud providers may not currently offer every component of their ML suites natively in all regions, most of them likely have plans to do so soon. You may have to wait a while before your desired functionality is available in data centers in the jurisdiction you need it to be in.

However, smaller specialist players (who lack the vast global footprint of the hyperscale cloud providers) might continue to discuss details about data transit in the small print. They’re worth paying attention to as your build out your intelligent content applications.

Governance as a Service, With Specificity at a Cost

Where does that leave your data governance oversight and regulatory compliance? In tatters?

Thankfully, a growing portfolio of tools, frameworks and consultancy services — many emerging from cloud content platform providers or their partners — are designed to help organizations get a handle on what content and data they have, where it is, and who and what (services) can access it.

Recognizing the open and extensible nature of a platform content solution, many of these governance services offer connectors that help customers see into partner applications and services, so that they can maintain a better end-to-end view of what their content gets up to (and their regulatory exposure) as it flows between the various ML and other services that might comprise a typical workflow across a platform ecosystem.

But bear in mind that while many of these services and frameworks provide assistance in tuning and tightening up your data governance, they don’t (on their own) know enough about how the GDPR would apply to your particular business operations (or platform configurations) — so don’t see them as an off-the-shelf panacea. Nor will they automatically infuse your ongoing business processes with data transparency values, unless you’re also able to guarantee a culture of good data literacy and governance awareness.

Even ML for the Masses Needs a Human Touch

Democratizing of access to new cloud-based machine learning content services encourages organizations of all shapes, sizes (and now budgets) to think themselves into new digital futures — ones that derive enhanced value from all content, and deliver smart personalization to all customers. Whether that’s an appropriate (or even legal) use for all your content is a determination each organization will have to make for itself. And likewise, each organization will need to work out how best to manage that content and audit compliance in any multiparty platform workflow.

Frameworks are evolving fast to bring good governance to what could otherwise become a Wild West of wanton API calls. Remember, just because you can do something doesn’t necessarily mean you should do it. However, platform ecosystems are evolving at a similar rate, and with machine learning arguably becoming this year’s “killer app” rationale for migrating your content to the cloud, every ML service provider is looking for a shot at the mainstream. Soon you won’t be able to move for image recognition services on every common content platform marketplace.

Luckily we still have humans — people who are able to understand where a business is and where it’s hoping to go, and how it should (as well as could) leverage the myriad partner services available in order to deliver value from content to customer. And those humans are also going to need to put some time in to ensure these new ML-powered content initiatives are built on a bedrock of compliance first and transparency first, because it’s going to be hard to weave it in afterward. Surely the pain so many are going through in preparing for GDPR Day on May 25 is teaching us that.