Data Ecosystems for Protecting European Citizens' Digital Rights

This viewpoint paper aims to spark a debate by (i) presenting the need for developing data ecosystems in Europe that meet the social and public good while committing to democratic and ethical standards; (ii) suggesting a taxonomy of data infrastructures and institutions to support this need; (iii) using the case study of Barcelona as the flagship city trailblazing a critical policy agenda of smart cities to show the limitations and contradictions of the current state of affairs; and (iv), ultimately, proposing a preliminary roadmap for institutional and governance empowerment that could enable effective data ecosystems in Europe. This viewpoint paper draws on lessons learnt in previous publications available in the Sustainability (Calzada, 2018), Regions (Calzada and Cowie, 2017; Calzada, 2019), Zenodo (Calzada and Almirall, 2019), RSA Journal (Calzada, 2019), and IJIS (Calzada, 2020) journals, and ongoing and updated fieldwork about the Barcelona case study stemming from an intensive fieldwork action research that started in 2017. The methodology used in these publications was based on the mixed-method technique of triangulation via action research encompassing (i) in-depth interviews, (ii) direct participation in policy events, and (iii) desk research. The case study was identified as the most effective methodology. This viewpoint paper, drawing from lessons learnt from the Barcelona case study, elucidates on the need to establish pan-European data infrastructures and institutions — collectively data ecosystems — to protect citizens’ digital rights in European cities and regions. The paper reveals three main priorities proposing a preliminary roadmap for local and regional governments: (i) advocacy, suggesting the need for city and regional networks; (ii) governance, requiring guidance and applied, neutral, and non-partisan research in policy; and (iii) pan-European agencies, leading and mobilising data infrastructures and institutions at the European level. From the very beginning, this viewpoint paper acknowledges its ambition, and thus its limitations, and clarifies its attempt to provide just an overview rather than a deep research analysis. This viewpoint paper presents several research limitations and implications regarding the scope. The paper starts by presenting the need for data ecosystems, then structures this need through two taxonomies, all illustrated through the Barcelona case study, and finally, concludes with a roadmap consisting of three priorities. The paper employs previous published and ongoing fieldwork findings in Barcelona as a way to lead and thus encourage the proliferation of more cases (CCDR). This paper presents practical implications for local and regional authorities of the CCDR network. As such, the main three priorities of the preliminary roadmap could help those European cities and regions already part of the CCDR network to establish and build operational data ecosystems by establishing a comprehensive pan-European policy from the bottom-up that aligns with the timely policy developments advocated by the European Commission. This paper can inspire policy-makers by providing guidelines to better coordinate among a diverse set of cities and regions in Europe. In previous research, data ecosystems were not directly related to digital rights amidst the global digital geopolitical context and, more specifically, were not connected to the two taxonomies (on data infrastructures and institutions) that could be directly applied to a case study, like the one presented about Barcelona. Thus, this viewpoint paper shows novelty and originality by also opening up (based on previous fieldwork action research) a way to take strategic action to establish a pan-European strategy among cities and regions through three specific priorities. This paper can ultimately support practice and lead to new research and policy avenues.


Introduction
The 21st century can be characterised as the century of data (Friis-Christensen and Triaille, 2019; Kitchin et al., 2018). While data itself has long existed, the current capacity to transform data into action is new (Bigo et al., 2019). Big Data originated with the increasingly advanced data collection capabilities of the internet, social networks, the internet of things (IoT) and sensors. Artificial intelligence (AI) and information technologies (IT) are not only allowed for translating code into routines that could previously only be procured by humans but also injected new, previously unthinkable ones such as massive search (Almirall, 2019;Calzada, 2019a). Finally, the cloud democratised these transformations, converting capital costs into variable costs, providing practically infinite scalability and the ability to package even the most sophisticated routines such as face recognition and individual profiling, into easy-touse pre-trained models (Armbrust et al., 2009). This phenomenon has led to new consequencessuch as hyper-targeting through data analytics, facial recognition and individual profilingreceived by many with both helplessness and threat and resulting in not-so-desirable outcomes such as massive manipulation and control via a surveillance capitalism push in the USA (Zuboff, 2019) and the social credit systems in China (Ahmed, 2018;Creemers, 2018;Kotska, 2019). In contrast, these societal concerns raised a debate in Europe that crystalised into the general data protection regulation (GDPR) coming into force in May 2018 after four years of debate. The emergence of this new phenomenon has spurred a call to action for cities and regions in the European Union (EU), establishing the need to map out the techno-political debate on datafication or dataism (Calzada, 2019b). Moreover, the phenomenon has also ultimately highlighted the potential requirements for establishing regulatory frameworks to protect digital rights. Such frameworks cover demands on privacy, ownership (Calzada, 2018a(Calzada, , 2018b, trust (Mendoza-Tello et al., 2019), access, ethics, transparency (Brunswicker et al., 2019), algorithmic automatisation (Chiodo, 2019) and ultimately, democratic accountability (Mair et al., 2019;Mora et al., 2019b;Wong, 2019).
Alongside this phenomenon, data and data technologies alter not only the corpus of citizens¨rights but also the way in which cities and regions conceive and deliver public policy and services (Vesnic-Alujevic et al., 2019). This digital transformation pervasively encompasses all angles of policy, namely, the provision of services, the assignment of resources, the approach to solving social problems and even the complex decision making process increasingly shifting to software algorithms and evolving towards considering citizens as merely data-providers rather than decision makers (Calzada, 2018a).
This transformational process stemming from a black-boxed algorithmic momentum often gets perceived as a mechanism that increases the efficiency of existing approaches or as simply a process of policy adjustment. Nevertheless, this paper argues that data requires and creates data infrastructures and institutions (Ducuing, 2019;Gray et al., 2018;Kotsev et al., 2020) that empower data and both should be endowed with ethical and democratic governance (Cardullo et al., 2019;Ruppert et al., 2017). This paper presents and develops both data infrastructures and institutions, collectively defining them as data ecosystems (Calzada, 2019a;European Commission, 2018a, 2018bJanssen and Kuk, 2016;Lnenicka and Komarkova, 2019;Oliveira et al., 2019). Data ecosystems are thereby not only the data infrastructures and institutions but also the related analytics and data capture systems used to take data and relay it to the system owners, who can then alter their provision of goods, services and marketing accordingly. Currently, some data infrastructures and institutions configuring data ecosystems are either already established or in an embryonic state, namely the following data ecosystems: Data commons with open data; Code commons with institutions such as Code for America (2019) and the failed Code for Europe (2019); and Projects such as Ckan (2019) or Decode (2018).
This paperstemming eminently from the fieldwork action research carried out for previous publications (Calzada, 2018a) and recent updates and findings (Calzada, 2020) about the Barcelona case studyargues that the data commons model (Calzada and Almirall, 2019a), as initiated and preliminarily implemented during the institutional period 2015-2019 by Barcelona City Council (2019a), has exemplified and contributed to opening up a new policy-data interaction through grassroots-led urban experimentation in Europe (Calzada and Almirall, 2019b Hence, this paper addresses three main aims: (1) to present the urgent need to align and develop these data ecosystems in Europe with the social and public good and democratic choice, unlike the global digital governance paradigms in China and the USA; (2) to elaborate around the case study of Barcelona as the flagship city alongside NYC and Amsterdam, trailblazing the post-GDPR data institution for the function of advocacy called the CCDR; and (3) and consequently, to explore a strategic roadmap for developing effective European data ecosystems.
Accordingly, this paper is structured in three main sections based on these aims. By acknowledging its ambition, and thus its limitations, Section 2 clarifies its attempt to provide just an overview rather than a deep research analysis.

Context and rationale: data ecosystems through data infrastructures and institutions in Europe
In the global context, three main clearly distinguished paradigms on data governance, algorithmic and AI disruption currently coexist (Just, 2018). Firstly, China is super-rich in data and determined to maximise that advantage with systems such as social credit systems (Kotska, 2019) or what is known as technological nationalism (Jiang and Fu, 2018), whereby large technology companies and the state embrace a mutually beneficial symbiotic relationship, in many cases orchestrated by the state in a regime of limited internal competition. Secondly, in the USA, the so-called Google, Amazon, Facebook and Apple (GAFA) is driven by large technological private multinationals who collect massive amounts of data from global citizens without any informed consent. Both models are engaged in a sort of competition with the support of large national technological infrastructures and nationally aligned research agendas. Thirdly, in contrast, Europe is focussing on the attempt to start from the bottom-up to build a truly European modelone, that is sustainable, locally driven, regionally rooted and inclusivewhile trying to maintain its lead. The European post-GDPR context is attempting to solve this conundrum of addressing citizens' rights in a way generative to societal good while maintaining a competitive lead with comparatively larger, more focussed and possibly more determined players (Warnke et al., 2019). Indeed, the European Commission (2019) is developing an expanded network of digital innovation hubs, which could be central to developing local and regional data ecosystems; these hubs will bring AI training, data, computing and local partnerships together to develop AI solutions adapted to local and regional issues. Particularly, as the profound implications of algorithmic disruption in European cities and regions begin to surface, the considerable fears regarding the hidden power of Big Data evil geniuses -GAFAoperating in porous regulatory systems have also emerged (Crémer et al., 2019). The perspective of an increase in the already remarkable amount of data being controlled by AI tools and devices owned by multinational corporations has raised concerns in some European cities such as Barcelona, which is presented as the core case study in this paper, particularly due to apprehension that the corporations may further exacerbate already-pervasive social inequalities and further marginalise the most vulnerable people (Calzada and Cobo, 2015;Eubanks, 2017). These concerns have aggravated the criticism about the already-controversial technocratic European smart city model initially advocated by the European Commission through its H2020-Smart Cities and Communities policy scheme, raising questions about data privacy and ownership (Borsboom-van Beurden et al., 2019;Cardullo et al., 2019;Kempin Reuter, 2019).
Hence, although the global digital governance context and the considerably different values of AI among the three global paradigms (China, USA and Europe), in light of the newly released European data strategy, in the post-GDPR context, Europe seems determined to lead the debate on the digital rights of citizens by experimenting with data ecosystems (European Commission, 2020). According to Kotsev et al. (2020), this strategy not only establishes an ambitious agenda that aims to leverage the favourable technological and political context but also empowers European citizens, businesses and the public authorities through a data-agile approach, which: aligns with European values; and reflects the needs of a multitude of stakeholders.
Thus, the rationale behind data ecosystems in Europe is to deconstruct data complexity and visualise a multi-stakeholder techno-political process, producing truly inclusive urban spaces that fulfil the right to smart cities (Bigo et al., 2019;Cardullo et al., 2019;Dziembala, 2019;Lytras, 2018, 2019). The lack of opaque politics concerning the most sophisticated technology such as deep learning and its increasing use in cities, particularly in very visible tasks such as facial recognition, has resulted in a push for more regulation and algorithmic transparency. Against this European backdrop, data ecosystems are operationally defined in this paper as the overarching data policy framework that comprises: four types of data infrastructures (political artefact, asset, process and network) that need to be enabled through; and four functions (guidance, advocacy, operationalisation and exploitation) accomplished by data institutions that create dynamics, which mobilise these infrastructures to become a real and transformative driver of change.
Regarding data infrastructures (Table 1), data can be considered: a political artefact that infuses societal values into public opinion; an asset that has value on its own; Specifically, data as a political artefact, as an instrument that enables the emergence of individual and collective rights, has attracted significant attention in Europe in the form of legislation on digital rights (Calzada, 2018b(Calzada, , 2019b. GDPR is a good example of this incarnation. Similarly, data as an asset is at stake and is arguably the most widely developed area where data commons is well-represented by open data, but where code commons and model commons are also urgently needed (Calzada and Almirall, 2019a). The public sharing of code and AI models will not only spur innovation but also focus development into fewer and better solutions to the benefit of multi-stakeholder policy schemes in European cities and regions. Accordingly, a pressing necessity in Europe exists for a public cloud, public analytics and public AI workflow processes with ethical and social considerations and standards. Finally, a network comprising moonshot projects, civic tech accelerators, grassroots projects and open data projects with many similarities to the entrepreneurial/innovation ecosystem is also essential for achieving a strong digital European policy in the public sector (Mazzucato, 2017). Consequently, this paper differentiates four functions of data institutions (Table 2) in operationalising the related data infrastructures (previously presented through Table 1): (1) those devoted to providing guidance in the governance and policy such as Open Data Institute (2019) and GovTechLab (2019); (2) those focussed on advocacy such as the CCDR (2019) source data together with those who have the political intent to reverse postcapitalistic logics through new grassroots-led urban experimentation such as platform co-operatives (Borkin, 2019;Calzada and Almirall, 2019a;Scholz, 2016) and data co-operatives (Hardjono and Pentland, 2019).
A platform co-operative is a co-operatively owned democratically governed business model that establishes a computing platform and uses a website and/or mobile application to facilitate the sale of goods and delivery of services. Examples of platform co-operatives include Fairbnb, Denver's Green Taxi Co-operative and Resonate. Data co-operatives may help rebalance the relationship between those who create data (citizens as data providers) and those who seek to exploit that data while also creating an environment for fair and democratic exchange. Data co-operatives with fiduciary obligations to members provide a promising direction for the democratic empowerment of citizens through their personal data. Examples of data co-operatives are flourishing around credit unions. As not-for-profit institutions owned by their members, credit unions are already chartered to securely manage their members' digital data and to represent them in a wide variety of financial transactions.
In Section 3, this paper briefly presents several elements to illustrate the relevance of data ecosystems through the case study of Barcelona, researched in-depth since 2017 by the authors (Calzada, 2018a(Calzada, , 2019bAlmirall, 2019a, 2019b). Barcelona ultimately illustrates that Europe may be speaking with its own voice. In Section 4, this paper proposes a preliminary roadmap to make data policy effective for European local and regional authorities.

Methodology and discussion: the case study of Barcelona
In the contours of this paper, the case study of Barcelona illustrates the leading role that this city has played since 2015 by shifting the smart city policy agenda and starting to construct data ecosystems from scratch in not only Barcelona but also in Europe by leading the CCDR. In fact, during the policy period starting in May 2015, Barcelona attempted to cover the four techno-political types of data infrastructures (Table 1) and the four functions of data  Scholz (2016, p. 16), "platform co-operative is a term that describes technological, cultural, political and social changes" Complementarily, according to Borkin (2019, p. 5), "platform co-operatives are digital platforms that are designed to provide a service or sell a productand are collectively owned and governed by the people who depend on and participate in them" And according to Hardjono and Pentland (2019, p. 2), "data co-operatives refer to the voluntary collaborative pooling by individuals of their personal data for the benefit of the collective group or community membership" institutions (Table 2). Accordingly, this paper reveals that the intensity of the outcomes for the four types and four functions differ considerably, requiring further nuanced fieldwork research to produce conclusive results. Obviously, regarding data infrastructures, the political artefact defined through the manifesto in favour of technological sovereignty and digital rights for cities and the Barcelona ethical digital policy toolkit was the main driver of the data ecosystems in Barcelona. Regarding data institutions, the advocacy function facilitated through the CCDR was remarkable but so, too, was the way in which the city-data analytics office was operationalised to be strategically supported through the efforts to create a pan-European data infrastructural asset such as code commons. In this endeavour, contributions made by participants of the DECODE-DECIDIM-METADECIDIM experimental and strategic initiative triad clearly operationalised a solid digital policy ground for establishing pan-European data institutions. In addition, there were several attempts to nurture platform co-operatives (Scholz, 2016) and data co-operatives (Hardjono and Pentland, 2019) such as Som Energia (Calzada and Almirall, 2019a) as a social and ethical alternative to existing commercial platforms (Just, 2018). Methodologically speaking, the authors' previous research spanned September 2017 to March 2019 by putting into practice a fieldwork action research methodological approach (Forester et al., 2019) in two gradual and complementary steps. Preliminarily, one author of this paper actively participated in the CCDR and the subsequent actions aimed at establishing data commons and code commons. In parallel, the other author actively carried out direct participation in three core events and conducted 20 in-depth interviews with a diverse set of strategic stakeholdersfollowing the Penta Helix multi-stakeholder frameworkincluding the private sector, the public sector, academia, civic society and (social) entrepreneurs/activists (Calzada and Cowie, 2017). Thus, the previous fieldwork revealed several key findings already published (Calzada, 2018a) in the special issue of the journal Sustainability entitled Big Data research for social sciences and social impact, which could be considered the point of departure for this broader paper.
From a strategic standpoint, the governmental period in Barcelona starting in May 2015 could be examined as follows: the team led by the former Chief Technology and Digital Innovation Officer of Barcelona City Council, Francesca Bria, largely supplanted the role of several data institutions by accomplishing core strategic functions. Clearly, this approach may present abundant hindrances (Bria, 2019), despite the fact that the significant impact is worth considering and highlights the main benefit of this paper: to suggest a roadmap for governance and institutional empowerment to allow for creating effective and democratic data ecosystems in Europe. Barcelona (alongside the leading cities of the CCDR such as Amsterdam and NYC) presented what can be described as an embrionic version of a set of data ecosystems for the European city-regional realm, particularly on its institutional side. Hence, in this section, this paper briefly examines Barcelona's data institutions as structured in Table 2.
In guidance, all 20 interviewed stakeholders (stemming from previous fieldwork research; Calzada, 2018a) agreed upon the large impact of the accomplishments, exemplified through two main data infrastructures under the GDPR umbrella (Table 1), namely, the manifesto and the toolkit. There was, however, also a consensus on the lack of diversity in the guidance, based on the unilateral ideological vision of the given data infrastructuresthe political artefact.
Advocacy is probably the more fertile data institution's function in this policy analysis during the period 2015-2019. Despite the fact that directly promoting this approach on digital rights (also known as technological sovereignty; Calzada, 2019b) from local authorities is rather unconventional, it is equally true that CCDR proved to be very effective, particularly in terms of already mobilising 41 cities worldwide and creating techno-political awareness.
Operationalisation took four different directions under the policy programme data commons: the first operationalisation involved updating the open data ecosystem with an open-source portal (CKan) while fostering its adoption. The second involved creating the city-data analytics office. The third involved the code-sharing effort via the open software ecosystem through cityOS through the CCDR to identify and encorage software to share. Then finally, the fourth involved three experimental and strategically intertwined initiatives: (1) cutting-edge, innovative EU-funded projects such as DECODE led by Barcelona and Amsterdam; (2) the DECIDIM grassroots-led deliberative platform; and (3) the METADECIDIM process for reflecting upon DECIDIM's operation and future development through a meta-lab of open debate.
However, the exploitation of the data institutions has materialised bolder and more innovative projects around two new organisational forms for data, namely, platform cooperatives and data co-operatives. Alongside the launch of the CCDR in 2018jointly led by Barcelona, Amsterdam and NYCupdated and ongoing fieldwork research revealed Almirall, 2019a, 2019b) a tension between two different business models on data governance as follows: platform capitalism exemplified with the conflict between Cabify and Uber and the local taxi association, Elite Taxi BCN and platform co-operativism exemplified by the successful case of Som Energia, a co-operative in the energy field that is actively supported by city hall. While it is much too soon to accurately appraise the initiative, it certainly extends beyond what has been attempted by city halls so far, raising the bar for local politics in general and digital policy, in particular, and opening up new and promising data policy pathways. Updated and ongoing fieldwork research also surfaced the underlying tension between a government that tries to push the limits of what a local administration can achieve and what it should achieve given its inherent internal restrictions (Purwanto et al., 2020). The will to push the boundaries of the digital competences in local authorities is highly visible in advocacy, particularly in the construction of the coalitions in 41 cities worldwide pushing to establish digital rights (and technological sovereignty) and primarily gaining momentum from the European post-GDPR realm. Furthermore, this push not only explicitly expresses techno-political will but also introduces the novel ambition in local governments aiming to redefine modes of production by creating platform and data co-operatives.
However, the tension, which often turns into frustration due to limitations, has mostly surfaced in uncommon and unexpected data policy areas. One of them is code commons. Certainly, sharing code developed with public money among cities, on the surface, seems unproblematic. There are, however, many details in the implementation that create insurmountable barriers. Among them is the lack of incentives for cities to start a collective process that hypothetically will ultimately benefit all despite the complexities involved in prioritising this process as a pressing matter for local authorities. Likewise, the same occurs with analytics as follows: data scientists are expensive to hire and not eager to work for bureaucracies such as city councils, particularly if the scientists have not already established leadership in the field that ensures the progression through a career path.
Hence, looking past these tensions and returning to the assessment of guidance, this paper discovered the main issue, namely, the lack of external validation and guidance for governancewhile the need to continuously invent its modelwithout the endorsement and advice that external organisations such as GovTechLab (2019), could have provided.

Conclusion
The conclusion of this paper revolves around the evidence that local digital policies are no longer local, in neither their objectives nor their instruments for implementing data infrastructures and institutions. The interpellation of global actors that interdependently shapes the digital governance realm cannot be understood from an extremely local perspective of each city council. This paper, therefore, suggests data ecosystems as a need for a pan-European post-GDPR digital policy (Kotsev et al., 2020). Thus, currently, the embryo of data ecosystems consists of several forms of cooperation with universities serving the CCDR in a broader Penta Helix multi-stakeholder policy scheme (Calzada and Cowie, 2017;Olsen and Welke, 2019).
In the contours of the previously published and further ongoing and updated fieldwork action research carried out in Barcelona and briefly presented in this paper, the authors conclude by proposing a preliminary roadmap for data ecosystems among European cities and regions. Fieldwork research overall clearly shows that code sharing cannot be established from a local perspective with pressing only local interest. Rather, it needs neutral agencies driven by incentives to create common ground. Code development also needs the guidance and common motivation that non-profit foundations such as Apache or Numfocus brought to open source. Previous attempts witnessed a tentative translation of these efforts done by Code for America or the failed Code for Europe, but they lacked the breadth and necessary influence to trigger the movement effectively, among other things because of the lack of perspective of future growth, finance capabilities and a feasible vision that European cities and regions will firmly adopt their contributions (Ulo et al., 2019).
After previous and ongoing fieldwork research, a clear final remark emerged: it is highly unlikely that these new European data ecosystems appear with the present digital policy scheme. Cities acting independently will have neither the opportunity nor the sense of urgency to establish a set of commons in terms of data infrastructures and institutions, nor the resources and the power of influence to develop pan-European collaborations among cities and regions. There is certainly a need to pursue a different approach through a European roadmap for digital policy and the emergence of data ecosystems.
Three main priorities stand out from the previous and ongoing fieldwork action research and could constitute a preliminary roadmap for local and regional governments that aim to establish post-GDPR data ecosystems for protecting citizens' digital rights in Europe: (1) Advocacy. There are already organisations where cities and regions can collate their points of view such as Eurocities or intensive knowledge exchange activities such as the city-to-city-learning programme in the replicate EU project (Replicate EU, 2019). However, the rise of other networks with a substantial critical approach to the techno-politics of data science such as CCDR shows the need for further critical policy approaches for data. Cities and regions in Europe need arenas where they can speak louder among a set of diverse voices, arenas that should be better connected to European policymakers.
(2) Governance. There is a lack, particularly in continental Europe, of guidance and applied research in policy, especially in modern areas such as AI, data spaces, behavioural analytics and digital transformations. Much of the problem lies not in the existing capacities but in the financing of these activities with a neutral nonpartisan view.
(3) Pan-European agencies. Probably the most stringent problem is one of mobilising capacities in AI, analytics and modern software development by putting them at the service of European cities and regions. Without such mobilisation, the data infrastructures and institutions will not happen and the benefits of AI will not be reaped. Among all potential solutions, pan-European agencieseither public, private or in the form of a partnership through the Penta Helix framework (Calzada and Cowie, 2017) that promote open source code, model sharing and standardisation look like the best possible solution.
Cities and regions have, so far, followed a bottom-up approach with limitations, as uncovered by the current research. In parallel with that, the rise of new needs surfaced the increasing limitations of this approach. European local and regional governments are still endowed with old governance structures that clearly cannot overcome 21st-century challenges. These challenges ultimately boil down to protecting citizens' digital rights while relying on the capacity of European cities and regions to deal with self-governing and interdependent data policies as the only possible way to ensure fairer European democracies.