Indigenous Data Governance in Australia: Towards A National Framework The International Indigenous Policy Journal Volume 14 | Issue 1 April 2023 Indigenous Data Governance in Australia: Towards A National Framework James Rose The University of Melbourne, Australia , james.rose@unimelb.edu.au Marcia Langton The University of Melbourne, Australia . m.langton@unimelb.edu.au Kristen Smith The University of Melbourne, Australia . kristens@unimelb.edu.au Darren Clinch The University of Melbourne, Australia , darren.clinch@unimelb.edu.au Recommended Citation Rose, J., Langton, M., Smith, K., & Clinch, D. (2023). Indigenous data governance in Australia: Towards a national framework. The International Indigenous Policy Journal, 14(1). doi: https://10.18584/iipj.2023.14.1.10987 Indigenous Data Governance in Australia: Towards A National Framework Abstract Australia's distinctive colonial administrative history has resulted in the generation and capture of large quantities of personal data about Indigenous Peoples in Australia, which is currently controlled and processed by government agencies and departments without coherent regulation. From an Indigenous standpoint, these data constitute stranded assets. Established legal frameworks for pursuing recovery of other classes of asset alienated by governments from Indigenous Peoples in Australia, including land, natural resources, and unpaid wages, have not yet been extended to the recovery of Indigenous data assets. This legacy scenario has created a disproportionate administrative burden for Indigenous organisations by sustaining their dependency on government for necessary data, while simultaneously suppressing the value of their own contemporary community-owned data assets. In this article, we outline leading international legal, economic, and scientific frameworks by which an equitable arrangement for the governance of Indigenous data might be restored to Indigenous Peoples in Australia. Keywords Indigenous data governance, Indigenous data sovereignty, Indigenous property rights, Indigenous Australia, data science, data policy, scientific data, personal data, data rights, intellectual property rights, Indigenous land rights, native title Creative Commons License This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License. http://creativecommons.org/licenses/by-nc-nd/4.0/ http://creativecommons.org/licenses/by-nc-nd/4.0/ http://creativecommons.org/licenses/by-nc-nd/4.0/ 1 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Indigenous Data Governance in Australia: Towards A National Framework The Indigenous Data Network (IDN) is an Indigenous-led research project with several Aboriginal community partners as well as data custodians from the Australian government sector. Based at the University of Melbourne, IDN researchers are working with our partners to develop a distinctive Indigenous data governance framework to enable the greatest degree possible of self-determination for Indigenous data owners and stewards. We are working to deploy their substantial data assets for the benefit of their communities, while prioritising Indigenous futures. The historical context of this initiative has required bringing a decolonising logic to our work to reframe several key concepts in this field. In this paper we review key international data governance principles and guidelines with the intent of addressing the restitution of Australian Indigenous rights and interests in data, and propose a synthesised model that should form the basis of our data governance: (In)digenous (Dat)a (O)wnership, C(ustodianship), and (S)tewardship or “InDatOCS.” Indigenous data is one among a set of asset classes in which Indigenous individuals and communities held an interest prior to the assertion of sovereignty over Australia by Britain in 1770. Since the amendment of the Australian constitution in 1967, which allowed the Australian Commonwealth as heir to British colonial rule to make laws with respect to Indigenous Peoples in Australia for the first time,1 the pre-existence of Indigenous interests in four of these asset classes has been acknowledged by a flow of legal challenges in a range of court jurisdictions, and by a series of acts of legislation at both federal and state levels. In the 1970s and 1980s, this flow focused on the prior and continuing ownership of land (Chartrand, 1981). Then, during the 1990s, more sophisticated legislation focused on interests in so-called “bundles of rights,” including not only interests in the ownership of land, but also in non-proprietary access to land, use of natural resources, and agreement-making with respect to both land and natural resources (O’Faircheallaigh, 2007; Tehan, 2003). Most recently, in the 2000s and 2010s, existing racial discrimination legislation has been tested as a means to address Indigenous interests in labour, which was systematically exploited under a framework of legalised slavery or “stolen wages” for nearly two centuries prior to the 1970s (Kinnane, et al., 2015). Throughout this same period, from the late 1970s onwards, existing copyright law2 has been leveraged and refined as a means for exercising Indigenous intellectual property rights in certain domains of knowledge, such as medicine (Evans et al., 2009), art (Anderson, 2005), and music (Janke & Iacovino, 2012). This evolution of legal and administrative thought in Australia may be understood in terms of a gradual realization that Indigenous individuals and communities bear inherent interests in certain classes of asset by virtue of their distinct identity as a people. This is an identity with a distinctive spatiotemporal character, defined by the ancient and continuing occupation of Australia independently of other peoples, and independent of the existence of the Commonwealth that currently purports to make laws with respect to them. In the evolutionary process so far, the asset classes recognised include three classes of tangible asset and one class of intangible asset, viz:. 1) land; 2) natural resources, including their ownership, use, and exchange; 3) labour; and 4) 1 Prior to the 1967 amendment, Australia's 1901 national constitution restricted to lower state governments the passing of laws affecting Indigenous Australians. Prior to 1901, Australia was governed via six independent power-sharing agreements between the British Colonial Office and six separate colonial authorities distributed around the continent. These governments were free to make laws regarding Indigenous Australians that reflected their own ideological and economic interests. 2 Particularly the Commonwealth Copyright Act (1968). 2 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 intellectual property. Each set of interests is distinguished from those of non-Indigenous peoples based on the broadly uniform reasoning that they have been transmitted via a hereditary mechanism from one generation of individuals to another over a period extending from the present to a point in the distant past that predates the assertion of sovereignty over Australia by the British and thence Commonwealth governments. It is this convergent understanding of Indigenous property rights, as bearing a spatiotemporal depth greater than those of non-Indigenous peoples, which has given rise to the distinctive recognition of those rights under the law. Importantly, the four classes of asset recognised so far all comprise well developed and widely understood objects of market value. The acceptance by Commonwealth and state governments of Indigenous interests in each of the four classes of asset has generally emerged concurrent with a decline in value of the respective asset on the open market, insofar as the interests of non-indigenous peoples has lessened sufficiently and been sufficiently regulated, so as not to be threatened by the inclusion of Indigenous interests in the corresponding market for that object of value. Procedures available to Indigenous individuals and corporations for pursuing their interests within these markets, whether administrative or litigious, have involved the development of relevant governance frameworks that interdigitate with extant Australian administrative culture and jurisprudence. No such framework yet exists for the governance of Indigenous data as an asset in which Indigenous individuals and communities hold a persistent and ongoing interest. In this paper we work through each of the constituent elements involved in a prospective Indigenous data governance framework that would give voice to this interest. These include a) defining and modelling data as a quantifiable output of human work; b) defining Indigenous data as an output distinguished by its unique spatiotemporal character, in line with other Indigenous asset classes; c) characterising the existing data governance environment in Australia; d) identifying leading extant international regulatory frameworks for data governance; and e) understanding the historical use of data by Australian governments in the governance of Indigenous Peoples in Australia. To this end, Section 1 addresses definitions of data governance, the semantic and financial value of data as an asset, and Indigenous data as a specific class of data, culminating in the introduction of the InDatOCS model of Indigenous data governance. Section 2 addresses the current legislative landscape in Australia with regard to data regulation, the transformation of historical Indigenous data from a live administrative state into an “archival” state, and international benchmarks for the regulation of personal data as an asset. Section 3 reviews existing non-enforceable data governance principles and guidelines that bear the most relevance to development of a coherent framework for Indigenous data governance in Australia. Section 4 concludes with a summary of these elements' relevance and recapitulates their interdigitation in the InDatOCS model of Indigenous data governance, newly presented here. 1.1 Data Governance and Data Sovereignty In recent years the phrase “Indigenous data” has been closely attached to the term “sovereignty” (Kukutai & Taylor, 2016; Lovett et al., 2019; Rainie et al., 2019; Walter & Suina, 2019; Walter et al., 2021). This latter term has two meanings in late colonial settings that do not frequently intersect. One of these meanings is aspirational, reflective of and giving voice to both the heritage of Indigenous Peoples as free and independent polities, together with a vision to restore that freedom and independence. The other meaning of the term “sovereignty” reflects the enforceable basis on which governments assert the authority to make laws with respect to a given jurisdiction. The phrase 3 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 “Indigenous data sovereignty” (“IDSov”) connotes both these meanings. On the one hand, it indicates that data has been and continues to be generated by and about Indigenous Peoples independently of colonial assertions to authority. On the other hand, it also indicates that the authority to make laws with regard to data depends on the enforceability of those laws. The term “governance” means something else altogether, having to do with the roles, functions, and relations that unite individuals and organisations, including communities, institutions, and governments, into a system of administration that channels goods and services efficiently and coherently throughout a population. The phrase “Indigenous data governance” emphasises the discrete existence of Indigenous data alongside data about other sections of a national population, and implies its value as bearing discrete relevance to the interests of Indigenous individuals and communities, alongside other forms of interest. It also connotes the special place that Indigenous interests hold in a national governmental system. In this paper, we use the phrase “Indigenous data governance” as bearing a more functionally oriented and broadly encompassing set of concepts than that of “Indigenous data sovereignty” alone. While we consider both meanings of the term “sovereignty” as vital in this context, we also treat it as relating to a more specific and subset question of the legal authority of governments. We therefore consider Indigenous data sovereignty a subset issue of Indigenous data governance. 1.2 The Data Information Knowledge Wisdom (DIKW) Hierarchy In non-scientific discourse, the term “data” is often used interchangeably with terms such as “information,” “knowledge,” and “wisdom” without formal definition (Commonwealth of Australia, 2019; Rainie et al., 2019). However, in business analytics, data science, linguistics, and social semiotics, these entities form discrete elements in a system of cognitive and intellectual work. The taxonomic model known as the “Data Information Knowledge Wisdom (DIKW) Hierarchy” was first formally developed in the late 1980s as a heuristic means for explaining the way in which quantifiable sensory inputs are acquired and progressively generalised through a series of transformations into incrementally more valuable states (Ackoff, 1989; Bernstein, 2011; Sharma, 2008). The underlying explanatory function of the DIKW model was to show how cognitive and intellectual work is applied to information flows in order to yield increasingly valuable semantic “products” at each of four steps. The model highlights that data, information, knowledge, and wisdom each bear distinct types of utility across varying social and cultural contexts. The formality of this model is approximate however, designed for business analytics rather than data science. In refining and adapting the model, data scientists have pointed out that if the explanatory focus of the DIKW model is one of serial refinement at successive points in a production flow, then the order of that series should be inverted so that the most generalised and structurally complex semantic product, wisdom, is construed as the primary sensory input from which successively more specific units are distilled, ultimately yielding irreducible bits of data (Batra, 2014; Tuomi, 1999). Linguists and social semioticians have provided corollary models (Bernstein, 1999, 1999; Halliday 2005) For the purposes of understanding individual and community interests in data, this convergence between business analytics, data science, and linguistic and social semiotic theory reflects a congruent model in which data is the most refined semantic product of cognitive and intellectual work by individuals and communities over time. For Indigenous Peoples in Australia, this interest spans tens of thousands of years and more than one thousand generations of people continuously 4 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 occupying the same continent and exercising a constant cognitive and intellectual effort that gives rise to multiple types of semantic product. The importance of distinguishing data from other semantic products of cognitive and intellectual work lies both in the practicality of applying a potential administrative framework to the legal recognition of Indigenous data as an asset, and in a coherent technical definition that reflects the specialist disciplines relevant to the study of data and its generation. 1.3 Data as an Intangible Asset The classification of data as an asset is no different than the classification of the other four assets listed above, insofar as the market value of data is now accepted, and insofar as the data market, dominated by what is known colloquially as the “tech sector,” has reached a high level of maturity (Bhansali, 2013; Laney, 2012, 2017; Schwab et al., 2011). However, there are some important distinctions in the way that data is classified as an asset and in the way that it is traded. Firstly, the speed at which the data market has expanded and matured is unprecedented compared with the development of markets for other Indigenous assets. Secondly, there is a lack of local variation in the way that data is traded across this new market, both in geographic terms, and in terms of the sector- specific actors operating within the data market. This lack of variation is reflected in the homogeneity of the global market, which is distinct from the heterogenous markets in which other Indigenous asset classes are traded. Dominant actors in the data market are all large international traders associated with the tech sector, such as Google, Apple, Amazon, Facebook, and others. By contrast, at the time that Indigenous interests began to be acknowledged by Australian governments between the 1970s and early 1990s, the dominant traders in markets for land, natural resource, labour, and intellectual property assets were mostly national-level actors within Australia. The rapid maturation of the data market, combined with its global homogeneity, have caught existing market participants by surprise, such that even established sectors within this market, such as the fossil fuel industry, which has traded in geological and chemical data assets for more than a century, have been slow to realise data’s changing value (Perrons & Jensen, 2015). This pattern is indicative of an uneven distribution in capacity to realise data asset value, even where established market actors may already possess high asset volumes. It explains the pronounced profitability of companies that are geared to trade exclusively in data rather than mixed assets, as governments do. It is not surprising, then, that middle power national governments such as the Australian Commonwealth have been slow to respond with regulatory measures to the rapid and unprecedented emergence of the data economy. Under these circumstances, the prospective recognition and acceptance of Indigenous interests in data assets by the Australian government may deviate from previous attitudes to the management of information, since there is unlikely to be a diminution in market value or significant change in regulatory oversight in the foreseeable future, as presaged the historical acceptance by government of Indigenous interests in other forms of asset. 1.4 Data Governance Roles, Functions and Relations: The OCS Model As with systems of governance generally (Koliba et al., 2018), data governance is properly construed as an organisational system comprised of roles and relations, each of which are defined by intersecting functions (Aisyah et al., 2018; Cheong & Chang, 2007; Otto, 2011; Sarsfield, 2009). The governance of data is realised in three such roles, including data owners, custodians, and stewards (Aisyah et al., 2018; Cheong & Chang, 2007; Laurie et al., 2018; Otto, 2011; Sarsfield, 5 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 2009), or what we refer to here as an (O)wnership, (C)ustodianship, and (S)tewarship model of data governance. Modes of governance vary according to the functions assigned to these roles and relations by corresponding governmental authorities. In some instances, as discussed below with regard to the European Union’s General Data Protection Regulation (2018), data custodians may bear responsibility to data owners, while stewards act under instruction from custodians. In other cases, as discussed below with regard to Australia’s legacy colonial administrative regime, all three roles may be collapsed under the authority of a single entity such as a state or Commonwealth government. The roles, functions, and relations of a generic OCS data governance model are summarised below: • Role: Data Owner o Function: Determines all purposes for which and means by which a data asset is generated, stored, accessed, processed, and destroyed. o Relation 1: Data Owner->Data Custodian (Determines custodianship) o Relation 2: Data Owner->Data Steward (Determines stewardship) • Role: Data Custodian o Function: Supplies data storage and access services. o Relation 1: Data Custodian<-Data Owner (Supplies custodianship services on behalf of a Data Owner) o Relation 2: Data Custodian<->Data Steward (Supplies access and storage services to a Data Steward) • Role: Data Steward o Function: Supplies data processing services, including creation, linkage, modelling, analysis, and destruction. o Relation 1: Data Steward<-Data Owner (Supplies stewardship services on behalf of a Data Owner) o Relation 2: Data Steward->Data Custodian (Supplies processing services to a Data Custodian) These roles, functions and relations may be visualised as a triadic network (see Figure 1). Figure 1. Visualisation of the OCS model of data governance, integrating the roles, functions, and relations of systematic data (O)wnership, (C)ustodianship and (S)tewardship The OCS model of data governance introduces an important perspective for the governance of Indigenous data where, under most current legal frameworks, government performs all three roles of owner, custodian, and steward. This is the case even where the legislation under which data may 6 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 originally have been generated has since been repealed, including various state and territory Aboriginal “Protection” acts and the sections of Australia's federal constitution that devolved all powers regarding Indigenous Peoples to state and territory governments prior to 1967. As discussed below, the general administrative assumption in Australia has been that data generated by and about Indigenous individuals and communities under moribund legislation, automatically takes on the form of “archival records,” the most relevant governing instruments for which are contained in privacy legislation. From our perspective, this is an unsatisfactory position because it does not give regard to the very real and substantive ongoing value of the data encoded in so-called “archival” records for the purposes of contemporary Indigenous community vitality. Longitudinal modelling and analysis of Indigenous health, education, and economic participation are foremost among these contemporary applications of so-called “archival records,” and even then, comprise only one among a panoply of other potential applications from which Indigenous Peoples in Australia might benefit. Reformulating the administrative understanding of this material as a data asset in which Indigenous individuals and communities hold real financial interest is convergent with current government and community priorities. In the rest of this paper, we orient discussions of existing data governance instruments and frameworks towards the model of data governance described above. For this purpose, we confer upon the role “data owner” the more specific title “Indigenous data owner.” The criteria for such a status is consistent with other administrative and legal definitions of Indigenous asset ownership in Australia, i.e., having either been personally responsible for the generation of that asset, or being a hereditary heir of those involved in the generation of that asset. This means that an Indigenous data owner is a person who has been involved in the generation of a data asset either in whole or in part, either through their own direct activity, or the activity of one or more of their ancestors, or though the indirect act of being a subject of the activity of another person or organisation. By this, we mean that Indigenous data is generated either by or about Indigenous individuals and communities, and so is owned by them either in whole or in part and is transmissible via an intergenerational hereditary mechanism. In this paper, we seek to give voice to the real and specific interests of Indigenous Australian data owners by prefixing these formal terms and definitions of Indigenous Data to the OCS model. We refer to this governance model of (In)digenous (Dat)a (O)wneship (C)ustodianship, and (S)tewardship forthwith as “InDatOCS.” 1.5 The Data Life Cycle The roles, functions, and relations that constitute systems of data governance all contribute to the structure of what is referred to as a “data life cycle” (McDowall, 2018a; Pandit et al., 2018; Wing, 2019). As suggested by the term, a data life cycle describes the processes to which data is subjected between the points of its generation and destruction. The model of a life cycle confers a temporal order on the otherwise weakly directed structure of the OCS data governance model described above. In other words, it gives direction to the flow of processes via the functions and relations between the roles of data owner, custodian, and steward. Figure 2 integrates this temporal ordering into the model of systemic governance shown in Figure 1 above. 7 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Figure 2. Data life cycle integrating roles, functions, and relations of the OCS model of data governance The life cycle of Indigenous data in an Australian setting is complicated by governments’ pervasive occupation, either asserted or actual, of all three OCS roles of owner, custodian, and steward. With respect to Indigenous data assets characterised as “archival records,” for example, contemporary government departments and agencies that have replaced those responsible for past injustices against Indigenous Peoples, have inherited the practical authority associated with the role of data owner from historical actors, while at the same eschewing other negative associations of those actors. In circumstances such as these, data life cycles that span multiple generations of Indigenous individuals and communities extend beyond the lifetime of government agencies and departments that inflicted grave trauma on Indigenous Peoples and later express remorse for such conduct. Scenarios such as these clearly demonstrate the unviability of governments’ claims to the status of owner with respect to Indigenous data. While it may be appropriate for contemporary government agencies and departments to perform the functions of data custodianship and stewardship under present circumstances, claims to ownership of data are inconsistent with contemporary Australian jurisprudence on the issue of data interests. The InDatOCS model of data governance introduced in Section 1.4 above both integrates into the OCS model the temporal ordering of a data lifecycle, as defined by McDowall (2018a), Pandit et al. (2018), and Wing (2019), and gives voice to the interests of Indigenous data owners in Australia with respect to the distinctive lifecycle of Indigenous data generated during Australia’s colonial administrative history. These interests are those in which the lifecycle of Indigenous data has been historically skewed towards the deliberate, ongoing alienation of Indigenous Peoples in Australia from data assets to which they hold a rightful claim under the terms outlined above. 1.6 Indigenous Data as a Special Spatiotemporal Class of Personal Data As with Indigenous interests in land, natural resources, labour, and intellectual property, discussed above, Indigenous interests in data are premised on the distinct status of Indigenous Peoples as pre- existing other peoples in a region of geographic space and historical time. Individuals and communities in Australia are definable as Indigenous because they and/or their antecedents existed within the spatial limits of current Australian jurisdiction prior to other individuals and communities. The very existence of Indigenous individuals and communities in present-day Australia implies an unbroken process of population regeneration since the incursion of individuals and communities arriving from other regions of the planet. 8 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 The legal recognition of pre-existing interests as inherent to Indigenous Peoples, precludes further denial of this recognition with regard to any other asset that can be shown to exist in Australia. This means that data, defined as an asset with financial value, must also have scope for a distinct Indigenous character where its generation is dependent upon the existence of Indigenous individuals and communities. Whereas Indigenous interests in more generalised and complex semantic products, such as “knowledge,” have been widely recognised and accepted in law in terms of intellectual property rights (Anderson, 2005; Evans et al., 2009; Janke & Iacovino, 2012), Indigenous interest in data are yet to be recognised and accepted in law as bearing such a character. As outlined in Section 1.5 above, integration of Indigenous interests into an OCS model of data governance via the InDatOCS reformulation allows for the formal definition of Indigenous interests in data lifecycles historically skewed against them. The further specification of those interests as originating in the distinctive spatiotemporal attributes of Indigenous data, lays the foundations for coherent data provenance tracing mechanisms. In summary, Indigenous data is defined here by its unique features on the five measures listed above, including 1) ownership of data underpinned by a discrete form of sovereignty; 2) data as the semantic product of cognitive and intellectual work within a cultural context of origin specific to Indigenous peoples; 3) data as an intangible asset in which Indigenous Peoples hold a specific interest in tension with the historic interests of colonial governments; 4) the three-part OCS model of data governance in which Indigenous individuals and communities comprise a specific class of data owner, and consequently; 5) Indigenous data as exhibiting a life cycle with a spatial and temporal depth characteristic of Indigenous Peoples exclusively. As stated above, we propose that the unique combination of these five features in the formal definition of Indigenous data, give rise to the need for a distinctive data governance framework in Australia. We propose further that this framework is most effectively based on the internationally accepted OCS model described above, which can be usefully operationalised by Indigenous individuals and communities in an Australian setting by reformulation as the InDatOCS model of Indigenous data governance. In the following two sections of this paper, we describe the ways in which existing Australian and international regulatory instruments and extant principles and guidelines construe and operationalise the five features of data governance defined here, either individually or in combination. The purpose of this review is to illustrate why an integrated national framework for Indigenous data governance is necessary for Australia, how existing regulatory instruments, principles, and guidelines may be relevant to such a framework, and, ultimately, how such a framework should operate on the basis of the InDatOCS model. 2. Existing Australian and International Regulatory Instruments There are currently no Australian or international regulatory instruments specifically identifying Indigenous data as a discrete category of intangible asset attached to enforceable laws. While the United Nations Declaration on the Rights of Indigenous Peoples (UNDRIP) is accurately cited as the most likely relevant international instrument undergirding a potential framework for the legal recognition of Indigenous interests in data (Kukutai & Taylor, 2016), data is not mentioned in the Declaration itself. The closest formal approximation of a reference to interests in data are Articles 31- 32, which address rights to “maintain, control, protect and develop” various forms of Indigenous property, including intellectual property. The assessment of the UNDRIP's relevance to Indigenous 9 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 data interests tends to be made on the grounds that aspirations to Indigenous data sovereignty in particular are reflected in a broader aspiration to self-determination set forth in the Declaration (Kukutai & Taylor, 2016). Rights to Indigenous data governance are likewise inferred, rather than explicitly described. Sophisticated extrapolations of both concepts have been put forward by a number of Indigenous legal, health, and data science experts (Davis 2016; Griffiths et al., 2019; Madden et al., 2016; Rainie et al., 2019). Following the lead of these authors and others, we extend the analysis of the UNDRIP’s general relevance to a more specific comparative analysis of existing regulatory instruments, with particular regard to Australia. We begin by summarising the features of the regulatory environment in Australia, focussing on the recently established Office of the National Data Commissioner, its precursor and sister organisation the Office of the Australian Information Commissioner, and relevant legislation, particularly the Consumer Data Right and the Data Availability and Transparency frameworks, the latter of which was recently introduced to the Australian parliament at the time of writing. We then turn to what is widely regarded as the world’s leading data regulation, the European Union’s General Data Protection Regulation, enacted in 2018. 2.1 The Australian Data Governance Environment Historically, governance of data pertaining to Indigenous individuals and communities in Australia individuals and communities was held to be the domain of specialised academic administrative fields, typically social or cultural anthropology, and state-based governmental agencies, such as “Aborigines Protection Boards” and later “Aboriginal Welfare Boards,” which in many instances were directly staffed by anthropologists3. Although some of these domains of authority have undergone adaptation since the 1970s, particularly with the emergence of Indigenous controlled organisations operating in multiple essential service sectors, the understanding of Indigenous data as a discrete form of asset is still relatively alien. The overarching understanding of data generated by these domains of research has remained similarly unaltered, characterised broadly by a focus on rights to individual privacy and confidentiality rather than on interests in property (e.g., AIATSIS, 2014; NSW Office of Aboriginal Affairs, 2020; South Australian Museum, 2017; Toussaint, 2017). This is generally reflective of a national regulatory environment in Australia that is not explicitly cognisant of the financial value of data as an asset. Existing Australian legislation directly regulating data generation and exchange is limited to privacy protections. This includes federal, state, and territory laws regulating the collection of identifiable attribute data or “metadata” about individuals and their relationships, including names, ages, genders, physical addresses, financial and medical attributes, and so on. These laws may be broadly classified as pertaining to one or a combination of key service sector domains, including health, education, employment, finance, policing, and telecommunications. Of these, health and policing have received significant media attention in recent years, particularly in relation to the “My Health Record” initiative (2018), which involves the aggregation and centralisation of individual health records on a national scale, and the Telecommunications Legislation Amendment Bill (2018), which 3 E.g. A.P. Elkin who was both professor of Anthropology at the University of Sydney and vice-president of the New South Wales Aboriginal Welfare Board between the 1930 and1970s. 10 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 compels information technology and telecommunications service providers to ensure personal communication device decryption is made available to government security forces. The Office of the Australian Information Commissioner (OAIC), established in 1989 and originally titled the “Office of the Australian Privacy Commissioner,” is responsible for a number of regulatory functions under Australia’s federal Privacy Act (1988) and Freedom of Information Act (1982). Both these pieces of legislation predate the emergence of the data economy by nearly two decades, with the OAIC itself predates that event by nearly a decade. Major legislative reforms in 2010 refocused the functions of the OAIC on administration of public access to government records. Separately, the Australian Competition and Consumer Commission (ACCC), established in 1995, is responsible for the administration of Australia’s Federal Trade Practices Act (1974), now re- named the Competition and Consumer Act (2010). The ACCC’s interest in data is limited to the regulation of its access and pricing by retailers and does not address questions of generation or ownership (Competition and Consumer Act 2010). In mid-2017, the OAIC and the ACCC were made jointly responsible for developing and implementing new rules, referred to as an “instrument” of the Competition and Consumer Act (2010), and termed the Australian Consumer Data Right (CDR) (Bradshaw, 2020). These rules came into effect in early 2020 and were amended in late 2020 before having their enforcement functions transferred from the ACCC to the Australian Treasury (ACCC, 2020a, 2020b). The CDR is designed to fill gaps in the Competition and Consumer Act (2010) relating to the protection of personal data generated by consumers of retail products, including financial, energy, and communications services (Bradshaw, 2020). While the CDR appears to provide a framework for the regulation of data ownership, custodianship, and stewardship, it does so only in relation to the trade of products where data is a secondary by-product of that trade, and does not address the financial value of data (Esayas & Daly, 2018). Further, the CDR appears to maintain a regulatory focus on privacy rather than asset interests, consistent with Australia’s longstanding regulatory orientation to data as a financially valueless or at least value-neutral entity (Goggin et al., 2019). In late 2018 the federal government launched the Office of the National Data Commissioner (ONDC), which between 2019 and 2020 undertook a series of stakeholder consultations in the lead-up to release of a working paper on the functions and objectives the Data Availability and Transparency Bill (DAT, 2020), currently before the Australian parliament. Like the OAIC, the objective of the ONDC is to “enhance accessibility” to data, in this case on both the part of the Australian public with respect to Australian government data, and on the part of government with respect to Australian citizens’ personal data (Commonwealth of Australia, 2019). Although the ONDC has given consideration to the question of subsidiary classes of data to which it may direct attention, Indigenous data has not yet been formally addressed beyond a single targeted stakeholder roundtable discussion. 4 Like the proposed CDR, the general theme of the DAT Bill (2020) may thus be reasonably characterised as focusing on the regulation of access to data, irrespective of the circumstances of its generation, whether via the provision of services by government or by community-controlled organisations, or in the course of private business activities. This Commonwealth-wide trend is most clearly articulated in the ONDC’s September 2019 Discussion Paper (Commonwealth of Australia, 2019), which calls for the removal of individual consent provisions in subsequent data governance legislation (Barbaschow, 2019). These moves reflect a 4 Held 19 September 2019 in Melbourne. 11 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 trend towards the expansion and strengthening of Commonwealth access to and control over personal data, rather than on the regulation of the trade in data among owners, stewards, and custodians, Indigenous or otherwise. These trends are not inconsistent with historical Australian government approaches to the treatment of Indigenous data specifically, which were broadly aimed at monitoring and controlling the Indigenous population in line with assimilationist objectives and the eugenicist theories that informed them until the mid-20th century. Following the 1967 constitutional referendum and consequent dissolution of those laws, the primary attitude towards surviving records was one of restriction and concealment. Those records that were not deliberately destroyed are now treated as highly sensitive confidential archival material and regulated by archivists who police access by survivors of those historical regimes. Access is generally granted on the basis of a “right to know,” rather than on a right to equity in the asset as a whole, consistent with outmoded practices of data custodianship rather than stewardship as discussed below. Such an approach is incompatible with the internationally recognised OCS model of data governance, where the distinct roles of owners, custodians and stewards are enshrined in the inherent property rights of data owners. 2.2 The EU General Data Protection Regulation: A Model Governance Framework During the past decade, data governance in the European Union has been trending in the opposite direction to that of Australia, towards the strengthening of access to and control over personal data on the part of the individuals by or about whom it is created. In 2018, this governance trend found expression in the enactment of the General Data Protection Regulation (GDPR), which is oriented specifically towards the recognition of data as an asset via its regulation in the EU’s single digital market (Palmirani et al., 2018). The GDPR enshrines eight personal rights in relation to the controlling and processing of personal data by entities operating in the European Union, including the right to: • Access; • Be informed; • Object; • Withdraw consent; • Rectification; • Erasure (i.e., to be “forgotten”); • Data portability; and • Restrict processing. The determination of these rights is contingent upon definitions of the roles of individuals and other entities participating in the EU’s digital economy. These roles are, in turn determined by the definable functions that each individual or entity performs under the GDPR, and the relations consequently enacted between each of them. Each of these roles, functions, and relations contributes to the designation of the other in a self-consistent systematic manner comparable to the OCS model of data governance described at Section 1 above. Article 4 of the GDPR defines the primary roles of the regime as those of Data Subjects, Data Processors, and Data Controllers (General Data Protection Regulation 2018), together with accompanying functions and relations, which may be synthesised using the following taxonomy: • Role: Data Subject 12 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 o Function: An individual about whom personal data is generated in such a way as to distinguish them from others, whether by name, code, or some other identifier, anonymised or otherwise. o Relation 1: Data subjects<-Data Controller (Subject to data control). o Relation 2: Data Subjects<-Data Processor (Subject to data processing). • Role: Data Controller o Function: An individual or entity that determines the purposes and means of the processing of personal data consistent with the rights enshrined in the GDPR. o Relation 1: Data Controller->Data Subject (Exercises control on behalf of a Data Subject) o Relation 2: Data Controller->Data Processor (Determines the purposes and means of the processing on behalf of a Data Subjects). • Role: Data Processor o Function: An individual or entity engaged in the generation, storage, modelling and analysis of personal data. o Relation 1: Data Processor->Data Subject (Processes data about a Data Subject) o Relation 2: Data Processor<- Data Controller (Processes data on behalf of a Data Controller) The GDPR’s model of roles, functions and relations is illustrated at Figure 3. Figure 4 maps these roles, functions, and relations onto equivalents defined by the OCS model of data governance described at Section 1 above. Figure 3. GDPR roles, functions, and relations 13 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Figure 4. GDPR mapped onto the OCS model of data governance roles, functions, and relations This remapping illustrates how the OCS model of data governance may be adapted to suit the specific regulatory objectives of a particular authority, in this case the European Union’s objective of protecting the interests of its citizens, in the personal data that is generated by or about them. The GDPR serves as a leading example of the kind of governance framework that Australia might consider with regard to the data interests not only of Indigenous citizens, but of the population at large. With respect to Indigenous Australians specifically, implementation of a comparable framework would involve conferring an auxiliary status of “special data subject” on Indigenous individuals as part of the InDatOCS data governance model. In conferring such a status, the Commonwealth would give rightful regard to the established status of Indigenous Australians as bearing both a unique spatiotemporal heritage deeper than that other Australians, but also as survivors of a centuries-long program of targeted data theft by the Commonwealth and its predecessors. By adopting the InDatOCS model of data governance as described above, the Commonwealth would set an administrative precedent not only for the recognition of Indigenous interests in data assets, but for the wider adoption of OCS-based models of data governance nationally. 3. Non-Enforceable International Guidelines and Principles Turning from enforceable instruments to standardised international policies and guidelines, in this section we provide an overview of established international and sectorial voluntary instruments widely accepted among peak organisations and regulators. This includes the Five Safes Framework for data governance, the ALCOA Data Integrity Principles, the FAIR Guiding Principles, the CARE Guiding Principles on Indigenous data, the First Nations Principles of OCAP, and the TRUST 14 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 Principles for Digital Repositories. Each of these voluntary instruments provides proximal guidelines for defining one or a combination of terms forming part of the OCS data governance model described in Section 1. However, none of these instruments lists all relevant terms of the OCS model covered by the GDPR (2018). In response, the InDatOCS model proposed here, draws on either one or a combination of elements of each of the six voluntary instruments lists as the basis for an integrated, comprehensive, and functional framework both suited to Australia’s specific administrative history and contemporary regulatory environment, and reflective of internationally accepted OCS-based standards. With regard to Indigenous data governance principles that might serve as a precedent for an InDatOCS-based regulatory framework in Australia, there currently exist a number of non- governmental, national-level initiatives targeting a range of Indigenous data governance issues, but which are yet to conform around a coherent set of policy objectives. These initiatives include the United States Indigenous Data Sovereignty Network (USIDSN), the First Nations Information Governance Council (FNIGC) in Canada, 5 the Te Mana Raraunga (Māori Data Sovereignty Network) in New Zealand/Aotearoa, 6 the Maiam nayri Wingara Aboriginal and Torres Strait Islander Data Sovereignty Collective in Australia,7 and the Indigenous Data Network (IDN) in Australia,8 among others. Each of these Indigenous data initiatives promotes its own set of guiding objectives and principles, and several are members of the international collective, the Global Indigenous Data Alliance (GIDA).9 Despite this latter international coalition, there is not yet any standardised set of terms or definitions around which a legal and administrative framework might recognise and value Indigenous interests in data as an asset. For this reason, we focus on existing Australian and international regulatory instruments relating to individual and community interests in data, elements of which are suited to integration into the more specific and functionally oriented terms and definitions relevant to the InDatOCS model presented here. 3.1 The Five Safes Framework The Five Safes framework was originally developed by the United Kingdom’s Office of National Statistics in 2003 as a set of protocols for managing conditions on data access (Desai et al., 2016; Ritchie, 2017). Although they bear relevance to all roles, functions, and relations of an OCS-based model of data governance as described above, the Five Safes framework is most closely focused on the role and functions of data custodianship. The framework has now been adopted worldwide, not only by national statistics agencies but by a range of both government and non-government data custodians operating at a range of jurisdictional levels. In Australia, all Commonwealth accredited integrating authorities conform to the framework, including the Australian Bureau of Statistics, the Australian Institute of Health and Welfare, the Australian Institute of Family Studies, and the Commonwealth Department of Social Services, among others. 5 https://fnigc.ca/ 6 https://www.temanararaunga.maori.nz/ 7 https://www.maiamnayriwingara.org/ 8 https://mspgh.unimelb.edu.au/centres-institutes/centre-for-health-equity/research-group/indigenous-data-network 9 https://www.gida-global.org/ https://fnigc.ca/splash/ https://www.temanararaunga.maori.nz/ https://www.maiamnayriwingara.org/ https://mspgh.unimelb.edu.au/centres-institutes/centre-for-health-equity/research-group/indigenous-data-network https://www.gida-global.org/ 15 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 The Five Safes framework generally lists five prospective questions for custodians and stewards to consider in determining access and the means and purposes for which data is modelled and analysed. Table 1 presents an exemplary form of these questions used by the Australian Institute of Health and Welfare, together with operationalised interpretations. 16 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 Table 1. Constituent Elements of a Generic Five Safes Framework (AIHW 2019) Safe projects Is the use of the data appropriate? Interpretation: Use of the data is legal, ethical and the project is expected to deliver public benefit. Safe people Can the users be trusted to use it in an appropriate manner? Interpretation: Researchers have the knowledge, skills, and incentives to act in accordance with required standards of behaviour. Safe data Is there a disclosure risk in the data itself? Interpretation: Data has been treated appropriately to minimise the potential for identification of individuals or organisations. Safe settings Does the access facility prevent unauthorised use? Interpretation: There are practical controls on the way the data is accessed— both from a technology perspective and considering the physical environment. Safe output Are the statistical results non-disclosive? Interpretation: A final check can be required to minimise risk when releasing the findings of the project. The Five Safes framework has potential to advance the interests of Indigenous Australians in data assets via an InDatOCS model, where the undergirding concept of “safety” has already been defined. As the AIHW’s interpretations highlight, the contingent factor for definitions of safety is “appropriateness” of each point in the framework. Concepts of appropriateness are obviously politically, culturally and historically variable. Data custodianship and stewardship priorities deemed appropriate to the interests of Indigenous Peoples in Australia by Commonwealth, state, and territory governments prior to the 1967 referendum have changed markedly in the time since, as described in Section 1. By defining data as an asset, and Indigenous data as an asset in which Indigenous Peoples in Australia have a specific and inherent interest in line with the InDatOCS model proposed, the definition of “safety” is refined sufficiently to make the Five Safes framework functionally useful for Indigenous data governance with respect to the role of data custodianship, thereby aligning it more specifically with the InDatOCS model. We reframe the AIHW’s interpretive model in Table 2 below. 17 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Table 2. Constituent Elements of a Five Safes Framework Interpreted for the Purposes of Indigenous Data Governance Safe projects Is the proposed custodianship and stewardship of the data in the interests of Indigenous data owners? Safe people Do data custodians and stewards have the experience, knowledge, skills, and motivation to act in the interests of Indigenous data owners? Safe data Has the data been assessed to measure its potential for undermining the interests of its Indigenous owners? Safe settings Have custodianship and stewardship functions been set to minimise risks of the data being used contrary to the interests of Indigenous owners? Safe output Are the results of modelling and analysing Indigenous data non-disclosive? While based on OCS governance model roles, the Five Safes framework is oriented primarily to an active data-use environment and does not account for situations in which data assets are effectively stranded in a dormant state because of inadequate governance arrangements. Because this is an ongoing feature of the Indigenous data governance landscape in Australia, and consequently an objective of the InDatOCS data governance model, we consider other existing data governance instruments that give regard to such omissions. These omissions are partly addressed in different respects by the ALCOA Data Integrity Principles and the FAIR Guiding Principles discussed below. 3.2 The ALCOA Data Integrity Principles The ALCOA Data Integrity Principles were initially developed as a quasi-formal framework by the United States Food and Drug Administration (USFDA) in the late 1990s as a means for regulating the information structure of physical records relating to pharmaceutical products. The objective of these principles was to define data governance functions that ensured information relating to drugs traded in the USA be (A)ttributable, (L)egible, (C)ontemporaneous, (O)riginal, and (A)ccurate (McDowall, 2018b; Williams et al., 2017; Wollen, 2010). The demonstrated utility of the ALCOA principles was such that in 2003 the USFDA properly formalised them as part of its Code of Federal Regulations on electronic records and electronic signatures (USFDA, 2003). The Principles were expanded to include requirements that data relating to the manufacture not only of pharmaceuticals but also of medical equipment, and which was now predominantly electronic, also be “complete, consistent, enduring, and available,” and that the acronym be altered to “ALCOA+.” From this point, the ALOCA+ principles spread to international usage in all domains of medical research (Jordan, 2016). In late 2019, following initial publication as an annex to a 2016 technical report, the World Health Organisation released independent draft guidelines on the use of ALCOA+ principles for the handling of contracts relating to medicines and medical supplies internationally (WHO, 2016, 2019). The structure of the WHO guidelines indicates that they are applicable not only to medical 18 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 supply chains but also to the maintenance of data integrity standards throughout data life cycles more broadly (WHO, 2016, 2019), visualised at Figure 5 below. Figure 5. ALCOA Data Integrity Functions Mapped to an OCS-based Data Governance Lifecycle The relevance of the World Health Organisation’s extended ALCOA+ principles for Indigenous data governance, is that they reinforce and consolidate key terms, definitions, and standards by which the OCS-based roles of data owners, custodians, and stewards may coordinate their interactions with one another, independent of the rights-based priorities that may vary among governing authorities. In an Australian setting, this means that even in the absence of subject- oriented protections, such as those conferred under either the Data Availability and Transparency framework or the Consumer Data Right, described at Section 2.1 above, the life cycles of data assets in which Indigenous individuals and communities hold an interest may nevertheless be governed consistently independent of the legal validation of that interest. The linkage here is between the orientation of the WHO’s ALCOA+ guidelines towards the data integrity of supply chains over time, where in Australia this is precisely the form taken by contemporary Indigenous data assets that have been developed over decades and centuries of administrative record-keeping. In other words, those data assets currently treated as Indigenous “archival records,” are more properly treated as Indigenous “data products,” which exhibit supply chain histories comparable to life science data and medical products typically subject to the WHO’s ALCOA+ guidelines. The ALCOA+ guidelines consequently provide an illustration of how an OCS- oriented data life cycle governance model might be incorporated into an InDatOCS model of Indigenous data governance, as outlined at Section 1.5 above. 3.3 FAIR Guiding Principles on Scientific Data The FAIR Guiding Principles on Scientific Data Stewardship and Management were initially published in 2016 by a consortium of 47 predominantly European scientists seeking to establish a standard for the governance of scientific research data (Wilkinson et al., 2016). The FAIR acronym encodes four functions that the consortium considers critical to data governance roles, such that these roles ensure data is made (F)indable, (A)ccessible, (I)nteroperable and (R)eusable. Following publication, the FAIR principles have been rapidly endorsed by a number of international 19 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 governmental entities, including the European Council and European Commission, the G7, G20, the International Science Council's Committee on Data (CODATA), and the Research Data Alliance, among others (Mons et al., 2017; Stall et al., 2019). In 2019 the Australian Academy of Science commenced formal discussions with CODATA on development of a national FAIR data strategy for Australia (AAS, 2019). In terms of their orientation towards an OCS model of data governance, while Wilkinson et al. (2016) referred exclusively to data stewardship, the four functions encoded in the FAIR principles are tacitly oriented towards both data stewardship and data custodianship. Figure 6 visualises this distribution of the FAIR functions, mapped onto the two roles of data stewardship and custodianship, including the corresponding relations between them, as well as the third governance role of data ownership. In this configuration, data custodians bear a responsibility to both owners and stewards to ensure that data is findable and accessible, while data stewards bear a responsibility to both owners and custodians to ensure that data is interoperable and reproducible. Figure 6. OCS-based Data Governance Roles Mapped to the Functions of the FAIR Guiding Principles The allocation of the four FAIR functions to each of the two OCS-based governance roles of custodianship and stewardship is made according to the extent to which each of those four functions involves the processing of data. With respect to the functions of making data findable and accessible, both roles require either no processing or very little processing. To use concrete examples provided by Wilkinson et al. (2016), findability and accessibility are enhanced by appending unique identifiers to metadata indexes and by the storage of data on an accessible resource. By contrast, ensuring that data is interoperable and reproducible may require variable degrees of restructuring, including file formatting, and rearrangement and redefinition of data classes, for example (Wilkinson et al., 2016). Such restructuring is the epitome of data processing. With regard to the governance of Indigenous data assets using the proposed InDatOCS model, the FAIR Guiding Principles provide an important augmentation to both the temporal “production- line” orientation of the ALCOA+ principles, and the risk-mitigation orientation of the Five Safes Framework. While the ALCOA+ principles specify the utility of functions over time, such as in the case of the maintenance and development of archival records, they do not allocate these functions explicitly to OCS-based data governance roles. The FAIR Guiding Principles fill this gap in the ALCOA+ principles by providing clear links between OCS-based roles, functions, and relations. Conversely, while the Five Safes Framework provides a detailed scaffolding for allocating risk- mitigation functions to OCS stewardship and custodianship roles in an active data governance 20 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 regime, they do not elaborate the distribution of these functions over time, during the life cycle of a data asset. The FAIR Guiding Principles address this latter gap by emphasising the future utility of research data beyond the immediate validation of the study for which it was initially generated. It is this linkage between the Five Safes framework and the ALCOA+ principles, provided by the FAIR Guiding Principles, which makes them a central instrument in the operationally oriented InDatOCS model of Indigenous data governance proposed here. 3.4 CARE Principles for Indigenous Data Governance The CARE Principles for Indigenous Data Governance are a response to the FAIR Guiding Principles, intended as an augmentation to the latter, which more effectively account for inequities in Indigenous control over research data generated by and about Indigenous people (Carroll et al., 2019; Hudson et al., 2020). The CARE mnemonic encodes four priorities for the governance of Indigenous research data, comprising (C)ollective Benefit, (A)uthority to control, (R)esponsibility, and (E)thics. Each priority consists of several constituent parts in a structure similar to that of the FAIR Guiding Principles (Carroll et al., 2020), although the former encodes a thematic mnemonic, rather than a set of programmatic governance functions as the FAIR Guiding Principles do. The CARE Principles were developed following the 14th Plenary of the Research Data Alliance (RDA) in Botswana in 2018, which formed a special platform for promotion of the FAIR principles. Having been initially drafted at the co-hosted event “Indigenous Data Sovereignty Principles for the Governance of Indigenous Data Workshop” (Carroll et al., 2020), co-signatories to the CARE Principles include representatives of many of the CANZUS (Canada, Australia, New Zealand, United States) Indigenous data sovereignty initiatives listed above, including the US Indigenous Data Sovereignty Network, the Māori Data Sovereignty Network, and the Australian Aboriginal and Torres Strait Islander Data Sovereignty Collective. This community of signatories reflects the primary objective of the CARE Principles as identifying data generated by and about Indigenous Peoples as subject to a specialised definition of personal data linked to the United Nations Declaration on the Rights of Indigenous Peoples. This is a definition bound up with the objective of collective self-determination, free of restrictions imposed by colonial governmental authorities. With regard to the OCS model of data governance outlined in Figure 1, the CARE principles are thus oriented towards defining in a thematic sense the roles of and relations between data owners, custodians, and stewards. By focusing on the FAIR Principles, the CARE Principles target the same two aspects of the roles, functions, and relations of data governance addressed by the FAIR principles, viz. a) risk mitigation in the relations between data owners and both custodians and stewards, and b) temporal sequencing of functions in order to maximise data integrity over time. The CARE Principles are a valuable contribution to the international repertoire of data governance principles and guidelines. By setting as an overarching objective data sovereignty, rather than data governance, the CARE Principles clearly define the intended beneficiaries as data owners, i.e., Indigenous peoples, rather than the data market as a whole. This aligns with the tone of the GDPR in setting out a rights-based, data subject-oriented framework for the ownership of data as an asset, although unlike the GDPR, the CARE Guiding Principles do not include a description of the mechanisms by which those principles might be implemented. In terms of their relevance to the InDatOCS model of Indigenous data governance proposed here, the CARE Guiding Principles 21 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 reinforce the central importance of data ownership in any OCS-based model of Indigenous data governance. 3.5 The First Nations Principles of OCAP The First Nations principles of OCAP provide a health-oriented framework for the collection, protection, use, and sharing of data about First Nations individuals and communities in Canada (FNIGC, 2014a, 2014b; Mashford-Pringle & Pavagadhi, 2020; Mecredy et al. 2018; Sabeti et al., 2021; Schnarch, 2004; Slater et al., 2019 )10. Similarly to the CARE Principles, the OCAP principles emphasise a set of thematic priorities or “notions” concerning the roles and relations between data owners, custodians, and stewards within an OCS-based framework, namely (O)wnership, (C)ontrol, (A)ccess, and (P)ossession (FNIGC, 2014a, 2014b). The OCAP principles were originally developed in the late 1990s by the National Steering Committee of the First Nations Regional Longitudinal Health Survey (RHS), a recurrent data collection exercise undertaken by the First Nations Health Authority in Canada. 11 At its inception, the principles were known as “OCA” and were held to apply to any and all “research, monitoring and surveillance, surveys, statistics, and cultural knowledge” (Schnarch, 2004, p. 80; FNIGC, 2014a, p. 4). By 2004, the RHS Steering Committee had evolved to form the First Nations Information Governance Council (FNIGC), which now oversees the RHS together with implementation of the OCAP principles and broader issues related to “First Nations data, research and information” (Schnarch, 2004, p. 80; FNIGC, 2014a, p. 4.). The FNIGC is composed of representatives from 10 regional First Nations organisations, mandated by and reporting to the Assembly of First Nations’ Chiefs Committee on Health (Ibid.) Consistent with the thematic approach shared by the CARE principles, the definitions of OCS- oriented roles, functions, and relations provided by the OCAP principles are generalised. In this sense, the OCAP principles avoid distinguishing data from either information or knowledge (FNIGC, 2014a), or distinguishing data generated by Indigenous individuals or communities from that generated about those individuals and communities by other parties (FNIGC, 2014a). While the four principles of ownership, control, access, and possession capture to varying extents dimensions of the data life cycle as described above (FNIGC, 2014a), they emphasise a theme of Indigenous sovereignty over and above programmatic functions targeted at data as a formally defined asset (Mecredy et al., 2018). This is consistent with the FNIGC's stated aim of asserting a jurisdictional authority contra that of Canadian governments (FNIGC, 2014a). To this end, OCAP's possession principle is described by the FNIGC as follows: While “ownership” identifies the relationship between a people and their data, possession reflects the state of stewardship of data. First Nation possession puts data within First Nation jurisdiction and therefore, within First Nation control. Possession is the mechanism to assert and protect ownership and control. First Nations generally exercise little or no control over data that is in the possession of others, particularly other governments. (FNIGC, 2014a, p. 5.) 10 FINGC: https://fnigc.ca/ocap-training/ 11 https://www.fnha.ca/what-we-do/research-knowledge-exchange-and-evaluation/regional-health-survey 22 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 With regard to the InDatOCS model of Indigenous data governance proposed here, the OCAP principles form a useful international example of an Indigenous-led effort to assert control over information assets, which commenced prior to the emergence of the data economy in the 1990s and has been iteratively adapted over time to deal with a changing information landscape. In terms of their relevance to the Australian situation, the OCAP principles illustrate an approach to data governance by an Indigenous organisation, the FNIGC, operating under legacy British colonial conditions, and their successful promotion to government and tertiary education organisations. 3.6 The TRUST Principles for Digital Repositories The most recent addition to the growing international body of data governance guidelines and principles are the TRUST Principles for Digital Repositories, published by an international consortium of 20 computing, science, and humanities researchers specialising in a variety of data- intensive fields, ranging from physics and engineering, through to ecology and archival document management (Lin et al., 2020). Like the CARE Principles, the TRUST Principles comprise a thematic mnemonic rather than a grammatically consistent codification of data governance functions and relations, namely (TR)ransparency, (U)ser-focus, (S)ustainability, and (T)echnology (Lin et al., 2020). Also like the CARE Principles, the TRUST Principles have been designed in response to the FAIR Guiding Principles’ perceived emphasis on the interests of data custodians and stewards rather than owners and other community stakeholders, or “users.” To this end, the authors of the TRUST Principles describe their objective as providing guidelines for the operation of “trustworthy digital repositories” (Lin et al., 2020). While the role of “repository” is consistent with the functions of data custodians, the inclusion of data “users” as a focus of the guidelines effectively includes data stewards in the Principles’ target group of beneficiaries as well. In terms of the OCS model of data governance described in Section 1, the TRUST Principles represent an interesting hybrid approach. While, like the FAIR and CARE Principles, the TRUST Principles set as their objective a more ethical set of obligations on the part of data custodians and stewards towards data owners, they do so by seeking to define desirable themes of the latter two roles. By contrast, the FAIR Principle focus on the functions of these roles rather their themes, while the CARE principles focus on defining the thematic role of data owners rather than the role of either custodians or stewards. The relevance of the TRUST Principles to Indigenous data governance lies in their intent to establish an ethical theme for obligations of custodians and stewards towards data owners. While the authors of the principles do not refer to the CARE Principles, there are important overlaps between the two in their thematic structure, which mutually reinforce the centrality of data ownership in any responsible data governance framework. With respect to the InDatOCS model of Indigenous data governance advanced here, the TRUST Principles illustrate how an ethical rather than exclusively functional definition of the roles and relations between data owners, custodians, and stewards may assist in giving rise to a more just outcome. Conclusion: The InDatOCS Model of Indigenous Data Governance In this paper we have identified six key features of existing data governance frameworks, legislation, guidelines, and principles relevant to the interests in data as an asset to Indigenous individuals and 23 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 communities in Australia. We have proposed that these features are suited to integration into a single national Indigenous data governance framework for Australia, based on an OCS data governance model. An integrated national framework of this kind would involve six corollary definitions: 1. The definition of the relationship between data sovereignty and data governance, where: a. Data sovereignty refers both to the aspiration of Indigenous individuals and communities to autonomous ownership and control of data assets in which they hold an interest, and to the legally enforceable mandate of governments to exert authority over the governance of data within a given jurisdictional domain, and where; b. Data governance refers to the roles, functions and relations involved in exerting this authority, which consequently encompass the concept of sovereignty. 2. The definition of data as the semantic product of cognitive and intellectual work in a sequential process undertaken over time, which follows the preceding generation of at least two other semantic products, including knowledge and information, such that the production chain involved in the generation of data follows the sequence knowledge>information>data. 3. The definition of data as an intangible asset with real financial value. 4. The definition of data governance as an organisational system titled “OCS,” comprised of roles, functions and functions, namely: a. Three Roles: Ownership, custodianship, and stewardship b. Two sets of functions: Controlling and processing. c. Three Relations: Owner<>Custodian; Custodian:<>Steward; Steward<>Owner 5. The definition of a data life cycle as encompassing all instances of controlling and processing between the instant of a dataset's creation and the instant of its destruction over time; 6. The definition of Indigenous data as a special class of data asset distinguished by its multi- generational life cycle, extending over a period that predates the assertion of a colonial data governance regime. In this paper, these six definitions are used to characterise the extant Australian data legislative landscape with regard to data governance, the European Union's General Data Protection Regulation, and six sets of international principles and guidelines. The purpose of this exercise has been to illustrate how each set of principles and guidelines expresses to varying degrees, one or a combination of the six features listed above, and how each may be drawn upon in the development a convergent and self-consistent regulatory framework. In summary, we propose that the internationally recognised data governance roles of ownership, stewardship, and custodianship, together with the similarly recognised governance functions and relations that characterise each role and integrate them into a systematic and operational model, be recognised in the acronym “OCS,” and be given further, specialised recognition with regard to the other five features described above. As elaborated in each section of this paper, we propose that these five features be encoded in the acronym (In)digenous (Dat)a (O)wnership, C(ustodianship) and (S)tewardship or “InDatOCS.” We propose further that such a model should form the basis on which Indigenous communities in Australia, community controlled organisations, business, and governments might effectively address the unique and ongoing situation facing Indigenous Peoples in Australia with regard to the restitution of their rights and interests in data that has been and continues to be generated by and about them following the assertion of sovereignty by Britain over 24 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 the continent of Australia. To this end, the InDatOCS model of Indigenous data governance represents the integration of internationally recognised and adopted best practice data governance, with the specific concerns of Indigenous data owners in assets to which they hold a rightful claim. References Ackoff, R. L. (1989). From data to wisdom. Journal of Applied Systems Analysis, 16(1), 3–9. http://www-public.imtbs-tsp.eu/~gibson/Teaching/Teaching- ReadingMaterial/Ackoff89.pdf Aisyah, M., & Ruldeviyani, Y. (2018). Designing data governance structure based on Data Management Body of Knowledge (DMBOK) framework: A case study on Indonesia Deposit Insurance Corporation (IDIC). In 2018 International Conference on Advanced Computer Science and Information Systems (ICACSIS) (pp. 307–312). IEEE. https://doi.org/10.1109/ICACSIS.2018.8618151 Anderson, J. (2005). The making of Indigenous knowledge in intellectual property law in Australia. International Journal of Cultural Property, 12(3), 347–373. https://doi.org/10.1017/S0940739105050174 Australian Academy of Science (2019). Academy hosts meeting to develop national FAIR data strategy. https://www.science.org.au/academy-newsletter/june-2019-128/academy-hosts- meeting-develop-national-fair-data-strategy Australian Competition and Consumer Commission. (2020a). Commencement of CDR Rules. https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0/commencement-of-cdr- rules Australian Competition and Consumer Commission. (2020b). ACCC amends Consumer Data Right Rules. https://www.accc.gov.au/media-release/accc-amends-consumer-data-right- rules Australian Institute of Aboriginal and Torres Strait Islander Studies (AIATSIS). (2014). Access and Use Policy AIATSIS Collection. https://aiatsis.gov.au/sites/default/files/2020-09/aiatsis- access-and-use-policy-20180.pdf Barbaschow, A. (2019, September 2). Consent ’removed’ from Australia's proposed data-sharing legislation. ZDNET. https://www.zdnet.com/article/consent-removed-from-australias- proposed-data-sharing-legislation/ Batra, S. (2014). Big data analytics and its reflections on DIKW hierarchy. Review of Management, 4(1/2), 5. Bernstein, B. (1999). Vertical and Horizontal Discourse: An Essay. British Journal of Sociology of Education, 20(2), 157–173. Bernstein, J. H. (2011). The Data-Information-Knowledge-Wisdom Hierarchy and its Antithesis. NASKO, 2(1), 68–75. https://doi.org/10.7152/nasko.v2i1.12806 http://www-public.imtbs-tsp.eu/%7Egibson/Teaching/Teaching-ReadingMaterial/Ackoff89.pdf http://www-public.imtbs-tsp.eu/%7Egibson/Teaching/Teaching-ReadingMaterial/Ackoff89.pdf https://doi.org/10.1109/ICACSIS.2018.8618151 https://doi.org/10.1017/S0940739105050174 https://www.science.org.au/academy-newsletter/june-2019-128/academy-hosts-meeting-develop-national-fair-data-strategy https://www.science.org.au/academy-newsletter/june-2019-128/academy-hosts-meeting-develop-national-fair-data-strategy https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0/commencement-of-cdr-rules https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0/commencement-of-cdr-rules https://www.accc.gov.au/media-release/accc-amends-consumer-data-right-rules https://www.accc.gov.au/media-release/accc-amends-consumer-data-right-rules https://aiatsis.gov.au/sites/default/files/2020-09/aiatsis-access-and-use-policy-20180.pdf https://aiatsis.gov.au/sites/default/files/2020-09/aiatsis-access-and-use-policy-20180.pdf https://www.zdnet.com/article/consent-removed-from-australias-proposed-data-sharing-legislation/ https://www.zdnet.com/article/consent-removed-from-australias-proposed-data-sharing-legislation/ https://doi.org/10.7152/nasko.v2i1.12806 25 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Bhansali, N. (Ed.). (2013). Data governance: Creating value from information assets. CRC Press. https://doi.org/10.1201/b15034 Bradshaw, A. (2020). Consumer data right scheme begins roll-out. Bulletin (Law Society of South Australia), 42(1), 16. https://search.informit.com.au/ documentSummary;dn=006558824509338;res=IELAPA Carroll, S. R., Rodriguez-Lonebear, D., & Martinez, A. (2019). Indigenous data governance: Strategies from United States Native Nations. Data Science (18). https://doi.org/10.5334/dsj-2019-031 Carroll, S. R., Garba, I., Figueroa-Rodríguez, O. L., Holbrook, J., Lovett, R., Materechera, S., Parsons, M., Raseroka, K., Rodriguez-Lonebear, D., Rowe, R., Sara, R., Walker, J. D., Anderson, J., & Hudson, M. (2020). The CARE Principles for Indigenous Data Governance. Data Science Journal, 19, 43. https://doi.org/10.5334/dsj-2020-043 Chartrand, P. E. (1981). The status of Aboriginal Land Rights in Australia. Alberta Law Review, 19, 436–460. https://doi.org/10.29173/alr1838 Cheong, L. K., & Chang, V. (2007). The need for data governance: A case study. ACIS 2007 Proceedings, 100. http://aisel.aisnet.org/acis2007/100 Commonwealth of Australia, Department of Prime Minister and Cabinet. (2019) Data sharing and release legislative reforms discussion paper, September 2019. https://about.unimelb.edu.au/__data/assets/pdf_file/0025/120994/UoM_submission_ Data_Sharing_and_Release.pdf Davis, M. (2016). Data and the United Nations declaration on the rights of Indigenous Peoples. In T. Kukutai & J. Taylor (Eds.), Indigenous data sovereignty, (pp. 25–38). ANU Press. http://dx.doi.org/10.22459/CAEPR38.11.2016 Desai, T., Ritchie, F., & Welpton, R. (2016). Five safes: Designing data access for research. Economics Working Paper Series 1601. University of the West of England. http://www2.uwe.ac.uk/faculties/BBS/Documents/1601.pdf Esayas, S., & Daly, A. (2018). The proposed Australian consumer data right: A European comparison. European Competition and Regulatory Law Review, (3). https://doi.org/10.21552/core/2018/3/6 Evans, L., Scott, H., Muir, K., & Briscoe, J. (2009). Effective intellectual property protection of Traditional Knowledge of plants and their uses: An example from Australia. GeoJournal, 74(5), 391-401. https://doi.org/10.1007/s10708-008-9229-6 The First Nations Information Governance Centre (2014a). Ownership, Control, Access and Possession (OCAP™): The path to First Nations information governance. Ottawa. https://fnigc.ca/wpcontent/uploads/2020/09/ 5776c4ee9387f966e6771aa93a04f389_ocap_path_to_fn_information_governance_en_fin al.pdf https://doi.org/10.1201/b15034 https://search.informit.com.au/documentSummary;dn=006558824509338;res=IELAPA https://search.informit.com.au/documentSummary;dn=006558824509338;res=IELAPA https://doi.org/10.5334/dsj-2019-031 https://doi.org/10.5334/dsj-2020-043 https://doi.org/10.29173/alr1838 http://aisel.aisnet.org/acis2007/100 https://about.unimelb.edu.au/__data/assets/pdf_file/0025/120994/UoM_submission_Data_Sharing_and_Release.pdf https://about.unimelb.edu.au/__data/assets/pdf_file/0025/120994/UoM_submission_Data_Sharing_and_Release.pdf http://dx.doi.org/10.22459/CAEPR38.11.2016 http://www2.uwe.ac.uk/faculties/BBS/Documents/1601.pdf https://doi.org/10.21552/core/2018/3/6 https://doi.org/10.1007/s10708-008-9229-6 https://fnigc.ca/wp-content/uploads/2020/09/5776c4ee9387f966e6771aa93a04f389_ocap_path_to_fn_information_governance_en_final.pdf https://fnigc.ca/wp-content/uploads/2020/09/5776c4ee9387f966e6771aa93a04f389_ocap_path_to_fn_information_governance_en_final.pdf https://fnigc.ca/wp-content/uploads/2020/09/5776c4ee9387f966e6771aa93a04f389_ocap_path_to_fn_information_governance_en_final.pdf 26 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 The First Nations Information Governance Centre (2014b). Understanding the First Nations Principals of OCAP. https://fnigc.ca/wp-content/uploads/2020/09/ 2be8f15f2eff14b1f122b6a26023836a_fnigc_ocap_brochure_en_final_0.pdf Goggin, G., Vromen, A., Weatherall, K., Martin, F., & Sunman, L. (2019). Data and digital rights: Recent Australian developments. Internet Policy Review, 8(1), 1–19. https://doi.org/10.14763/2019.1.1390 Griffiths, K., Coleman, C., Al-Yaman, F., Cunningham, J., Garvey, G., Whop, L., Pulver, L. J., Ring, I., & Madden, R. (2019). The identification of Aboriginal and Torres Strait Islander people in official statistics and other data: Critical issues of international significance. Statistical Journal of the IAOS, 35(1), 91–106. https://doi.org/10.3233/SJI-180491 Halliday, M. A. K. (2005). Things & relations: Regrammaticizing experience as technical knowledge. In J. R. Martin & R. Veel (Eds.), Reading science: Critical and functional perspectives on discourses of science (pp. 185-236). Rutledge. Hudson, M., Garrison, N. A., Sterling, R., Caron, N. R., Fox, K., Yracheta, J., Anderson, J., Wilcox, P., Arbour, L., Brown, A., Taualii, M., Kukutai, T., Haring, R., Te Aika, B., Baynam, G. S., Dearden, P. K., Chagné, D., Malhi, R. S., Garba, I., … Carroll, S. R. (2020). Rights, interests and expectations: Indigenous perspectives on unrestricted access to genomic data. Nature Reviews Genetics. https://doi.org/10.1038/s41576-020-0228-x Janke, T., & Iacovino, L. (2012). Keeping cultures alive: Archives and Indigenous cultural and intellectual property rights. Archival Science, 12(2), 151–171. https://doi.org/10.1007/s10502-011-9163-0 Jordan, K. (2016, April 8). Best practices in life sciences for avoiding data integrity & quality pitfalls. Pharmaceutical Online. https://www.pharmaceuticalonline.com/ doc/best-practices-in-life-sciences-for-avoiding-data-integrity-quality-pitfalls-0001 Kinnane, S., Harrison, J., & Reinecke, I. (2015). Finger money: The black and white of stolen wages. Griffith Review, (47), 49-70. https://search.informit.com.au/documentSummary;dn=020873058224915;res=IELLCC Koliba, C. J., Meek, J. W., Zia, A., & Mills, R. W. (2018). Governance networks in public administration and public policy. Routledge. https://doi.org/10.4324/ 9781315093451 Kukutai, T., & Taylor, J. (Eds.). (2016). Indigenous data sovereignty: Toward an agenda, 38. ANU Press. http://dx.doi.org/10.22459/CAEPR38.11.2016 Laney, D. B. (2012, May 3). To Facebook, you’re worth $80.95. The Wall Street Journal. https://blogs.wsj.com/cio/2012/05/03/to-facebook-youre-worth-80-95/ Laney, D. B. (2017). Infonomics: How to monetize, manage, and measure information as an asset for competitive advantage. Routledge. https://doi.org/10.4324/ 9781315108650 https://fnigc.ca/wp-content/uploads/2020/09/2be8f15f2eff14b1f122b6a26023836a_fnigc_ocap_brochure_en_final_0.pdf https://fnigc.ca/wp-content/uploads/2020/09/2be8f15f2eff14b1f122b6a26023836a_fnigc_ocap_brochure_en_final_0.pdf https://doi.org/10.14763/2019.1.1390 https://doi.org/10.3233/SJI-180491 https://doi.org/10.1038/s41576-020-0228-x https://doi.org/10.1007/s10502-011-9163-0 https://www.pharmaceuticalonline.com/doc/best-practices-in-life-sciences-for-avoiding-data-integrity-quality-pitfalls-0001 https://www.pharmaceuticalonline.com/doc/best-practices-in-life-sciences-for-avoiding-data-integrity-quality-pitfalls-0001 https://search.informit.com.au/documentSummary;dn=020873058224915;res=IELLCC https://doi.org/10.4324/9781315093451 https://doi.org/10.4324/9781315093451 http://dx.doi.org/10.22459/CAEPR38.11.2016 https://blogs.wsj.com/cio/2012/05/03/to-facebook-youre-worth-80-95/ https://doi.org/10.4324/9781315108650 https://doi.org/10.4324/9781315108650 27 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 Laurie, G. T., Dove, E. S., Ganguli-Mitra, A., Fletcher, I., McMillan, C., Sethi, N., & Sorbie, A. (2018). Charting regulatory stewardship in health research: Making the invisible visible. Cambridge Quarterly of Healthcare Ethics, 27(2), 333–347. https://doi.org/10.1017/S0963180117000664 Lin, D., Crabtree, J., Dillo, I., Downs, R. R., Edmunds, R., Giaretta, D., De Giusti, M., L’Hours, H., Hugo, W., Jenkyns, R. and Khodiyar, V., (2020). The TRUST Principles for digital repositories. Scientific Data, 7(1), 1–5. https://doi.org/10.1038/s41597-020-0486-7 Lovett, R., Lee, V., Kukutai, T., Cormack, D., Rainie, S., & Walker, J. (2019). Good data practices for Indigenous data sovereignty and governance. In A. Daly, S. K. Devitt, & M. Mann (Eds.), Good Data (pp. 26–36). Institute of Network Cultures. https://networkcultures.org/wp- content/uploads/2019/01/Good_Data.pdf Madden, R., Axelsson, P., Kukutai, T., Griffiths, K., Storm Mienna, C., Brown, N., Coleman, C., & Ring, I. (2016). Statistics on indigenous peoples: International effort needed. Statistical Journal of the IAOS, 32(1), 37–41. https://doi.org/10.3233/SJI-160975 Mashford-Pringle, A., & Pavagadhi, K. (2020). Using OCAP and IQ as Frameworks to Address a History of Trauma in Indigenous Health Research. AMA Journal of Ethics, 22(10), E868- 873. https://doi.org/10.1001/amajethics.2020.868 Mecredy, G., Sutherland, R., & Jones, C. (2018). First Nations Data Governance, Privacy, and the Importance of the OCAP® principles. International Journal of Population Data Science, 3(4). https://doi.org/10.23889/ijpds.v3i4.911 McDowall, R. D. (2018a). A flexible analytical data life cycle? Spectroscopy, 33(9), 18–22 https://www.spectroscopyonline.com/view/flexible-analytical-data-life-cycle McDowall, R. D. (2018b). Data integrity and data governance: Practical implementation in regulated laboratories. Royal Society of Chemistry. https://doi.org/10.1039/9781788013277 Mons, B., Neylon, C., Velterop, J., Dumontier, M., da Silva Santos, L. O. B., & Wilkinson, M. D. (2017). Cloudy, increasingly FAIR; revisiting the FAIR Data guiding principles for the European Open Science Cloud. Information Services & Use, 37(1), 49–56. https://doi.org/10.3233/ISU-170824 New South Wales Office of Aboriginal Affairs Family Records Service. (2020). Family Records Service. https://www.aboriginalaffairs.nsw.gov.au/healing-and-reparations/family-records- service#finding-your-mob-application-form O’Faircheallaigh, C. (2007). ‘Unreasonable and extraordinary restraints’: Native title, markets and Australia’s resources boom. Australian Indigenous Law Review, 11(3), 28–42. http://classic.austlii.edu.au/au/journals/AUIndigLawRw/ 2007/67.html https://doi.org/10.1017/S0963180117000664 https://doi.org/10.1038/s41597-020-0486-7 https://networkcultures.org/wp-content/uploads/2019/01/Good_Data.pdf https://networkcultures.org/wp-content/uploads/2019/01/Good_Data.pdf https://doi.org/10.3233/SJI-160975 https://doi.org/10.1001/amajethics.2020.868 https://www.spectroscopyonline.com/view/flexible-analytical-data-life-cycle https://doi.org/10.1039/9781788013277 https://doi.org/10.3233/ISU-170824 https://www.aboriginalaffairs.nsw.gov.au/healing-and-reparations/family-records-service#finding-your-mob-application-form https://www.aboriginalaffairs.nsw.gov.au/healing-and-reparations/family-records-service#finding-your-mob-application-form http://classic.austlii.edu.au/au/journals/AUIndigLawRw/2007/67.html http://classic.austlii.edu.au/au/journals/AUIndigLawRw/2007/67.html 28 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 Otto, B. (2011). A morphology of the organisation of data governance. ECIS 2011 Proceedings, 272. https://aisel.aisnet.org/ecis2011/272 Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., & Robaldo, L. (2018). Legal ontology for modelling GDPR concepts and norms. JURIX, 313, 91-100. https://doi.org/10.3233/978- 1-61499-935-5-91 Pandit, H. J., O’Sullivan, D., & Lewis, D. (2018). GDPR data interoperability model [in press]. 23rd EURAS Annual Standardisation Conference Dublin, Ireland. https://zenodo.org/record/3246439/files/preprint.pdf Perrons, R. K., & Jensen, J. W. (2015). Data as an asset: What the oil and gas sector can learn from other industries about “Big Data.” Energy Policy, 81, 117–121. https://doi.org/10.1016/j.enpol.2015.02.020 Rainie, S. C., Kukutai, T., Walter, M., Figueroa-Rodríguez, O. L., Walker, J., & Axelsson, P. (2019). Indigenous data sovereignty. In T. Davies, S. B. Walker, M. Rubinstein, & F. Perini (Eds.), The state of open data: Histories and horizons (pp. 300–319). African Minds and the International Development Research Centre (IDRC). https://www.idrc.ca/en/book/state- open-data-histories-and-horizons Ritchie, F. (2017). The “Five Safes”: A framework for planning, designing and evaluating data access solutions. Paper presented at Data for Policy 2017, London, UK. https://doi.org/10.5281/zenodo.897821 Sabeti, S., Xavier, C., Slaunwhite, A., Meilleur, L., MacDougall, L., Vaghela, S., McKenzie, D., Kuo, M., Kendall, P., Aiken, C., Gilbert, M., McDonald, S., & Henry, B. (2021). Collaborative Data Governance to Support First Nations-Led Overdose Surveillance and Data Analysis in British Columbia, Canada. International Journal of Indigenous Health, 16(2). https://doi.org/10.32799/ijih.v16i2.33212 Sarsfield, S. (2009). The data governance imperative: A business strategy for corporate data. IT Governance Publishing. https://www.itgovernancepublishing.co.uk/ product/the-data-governance-imperative Schnarch, B. (2004). Ownership, control, access, and possession (OCAP) or self-determination applied to research: A critical analysis of contemporary First Nations research and some options for First Nations communities. International Journal of Indigenous Health 1(1), 80– 95. Schwab, K., Marcus, A., Oyola, J. O., Hoffman, W., & Luzi, M. (2011). Personal data: The emergence of a new asset class. An Initiative of the World Economic Forum. http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf Slater, M., Green, M. E., Shah, B., Khan, S., Jones, C. R., Sutherland, R., Jacklin, K., & Walker, J. D. (2019). First Nations people with diabetes in Ontario: Methods for a longitudinal population-based cohort study. CMAJ Open, 7(4), E680–E688. https://doi.org/10.9778/cmajo.20190096 https://aisel.aisnet.org/ecis2011/272 https://doi.org/10.3233/978-1-61499-935-5-91 https://doi.org/10.3233/978-1-61499-935-5-91 https://zenodo.org/record/3246439/files/preprint.pdf https://doi.org/10.1016/j.enpol.2015.02.020 https://www.idrc.ca/en/book/state-open-data-histories-and-horizons https://www.idrc.ca/en/book/state-open-data-histories-and-horizons https://doi.org/10.5281/zenodo.897821 https://doi.org/10.32799/ijih.v16i2.33212 https://www.itgovernancepublishing.co.uk/product/the-data-governance-imperative https://www.itgovernancepublishing.co.uk/product/the-data-governance-imperative http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf https://doi.org/10.9778/cmajo.20190096 29 Rose et al.: Indigenous Data Governance in Australia Published by Scholarship@Western, 2023 South Australian Museum (2017). Mapping Family. https://www.samuseum.sa.gov.au/ collection/archives/family-history Stall, S., Yarmey, L., Cutcher-Gershenfeld, J., Hanson, B., Lehnert, K., Nosek, B., Parsons, M., Robinson, E., & Wyborn, L. (2019). Make scientific data FAIR. Nature, 570, 27–29. https://doi.org/10.1038/d41586-019-01720-7 Tehan, M. (2003). A hope disillusioned, an opportunity lost? Reflections on common law Native Title and ten years of the Native Title Act. Melbourne University Law Review, 27(2), 523- 571. https://doi.org/10.2139/ssrn.462220 Toussaint, S. (2017). A letter to Catherine Berndt: Aboriginal cultural life and the preciousness of time. Griffith Review, (44). https://www.griffithreview.com/articles/a-letter-to-catherine- berndt/ Tuomi, I. (1999). Data is more than knowledge: Implications of the reversed knowledge hierarchy for knowledge management and organizational memory. Journal of Management Information Systems, 16(3), 103–117. https://doi.org/ 10.1080/07421222.1999.11518258 US Food and Drug Administration. (2003). US FDA. CFR—Code of Federal Regulations Title, 21. https://www.accessdata.fda.gov/scripts/cdrh/ cfdocs/cfCFR/CFRSearch.cfm Walter, M., & Suina, M. (2019). Indigenous data, Indigenous methodologies and Indigenous data sovereignty. International Journal of Social Research Methodology, 22(3), 233–243. https://doi.org/10.1080/ 13645579.2018.1531228 Walter, M., Kukutai, T., Carroll, S. R., & Rodriguez-Lonebear, D. (Eds.). (2021). Indigenous data sovereignty and policy. Routledge. Wilkinson, M. D., Dumontier, M., Aalbersberg, I. J., Appleton, G., Axton, M., Baak, A., Blomberg, N., Boiten, J.-W., d Silva Santos, L. B., Bourne, P. E., Bouwman, J., Brookes, A. J., Clark, T., Crosas, M., Dillo, I., Dumon, O., Edmunds, S., Evelo, C. T., Finkers, R., . . . Mons, B. (2016). The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data, 3. https://doi.org/10.1038/sdata.2016.18 Williams, M., Bagwell, J., & Zozus, M. N. (2017). Data management plans: The missing perspective. Journal of biomedical informatics, 71, 130–142. https://doi.org/10.1016/j.jbi.2017.05.004 Wing, J. M. (2019). The data life cycle. Harvard Data Science Review, 1(1). https://hdsr.mitpress.mit.edu/pub/577rq08d/release/3 Woollen, S. W. (2010). Data quality and the origin of ALCOA. Newsletter of the Southern Regional Chapter Society of Quality Assurance. https://rx-360.org/wp- content/uploads/2018/08/Data-Quality-and-the-Origin-of-ALCOA-by-Stan-Woolen- 2010.pdf https://www.samuseum.sa.gov.au/collection/archives/family-history https://www.samuseum.sa.gov.au/collection/archives/family-history https://doi.org/10.1038/d41586-019-01720-7 https://doi.org/10.2139/ssrn.462220 https://www.griffithreview.com/articles/a-letter-to-catherine-berndt/ https://www.griffithreview.com/articles/a-letter-to-catherine-berndt/ https://doi.org/10.1080/07421222.1999.11518258 https://doi.org/10.1080/07421222.1999.11518258 https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm https://doi.org/10.1080/13645579.2018.1531228 https://doi.org/10.1080/13645579.2018.1531228 https://doi.org/10.1038/sdata.2016.18 https://doi.org/10.1016/j.jbi.2017.05.004 https://hdsr.mitpress.mit.edu/pub/577rq08d/release/3 https://rx-360.org/wp-content/uploads/2018/08/Data-Quality-and-the-Origin-of-ALCOA-by-Stan-Woolen-2010.pdf https://rx-360.org/wp-content/uploads/2018/08/Data-Quality-and-the-Origin-of-ALCOA-by-Stan-Woolen-2010.pdf https://rx-360.org/wp-content/uploads/2018/08/Data-Quality-and-the-Origin-of-ALCOA-by-Stan-Woolen-2010.pdf 30 The International Indigenous Policy Journal, Vol. 14, Iss. 1 DOI:10.18584/iipj.2023.14.1.10987 World Health Organization (2016). Technical report series (No. 996 Annex 5 Guidance on Good Data and Records Management Practices). WHO. https://www.who.int/publications/m/item/trs-966---annex-5-who-good-data-and-record- management-practices World Health Organization. (2019). Guideline on data integrity. (Working document QAS/19.819). Draft for Comments. https://www.who.int/docs/default- source/medicines/norms-and-standards/current-projects/qas19-819-rev1-guideline-on- data-integrity.pdf https://www.who.int/publications/m/item/trs-966---annex-5-who-good-data-and-record-management-practices https://www.who.int/publications/m/item/trs-966---annex-5-who-good-data-and-record-management-practices https://www.who.int/docs/default-source/medicines/norms-and-standards/current-projects/qas19-819-rev1-guideline-on-data-integrity.pdf https://www.who.int/docs/default-source/medicines/norms-and-standards/current-projects/qas19-819-rev1-guideline-on-data-integrity.pdf https://www.who.int/docs/default-source/medicines/norms-and-standards/current-projects/qas19-819-rev1-guideline-on-data-integrity.pdf