*Are there clear, ethical and reliable guidelines and open standards (e.g. open data law) in place on how to participate in a data exchange? What measures have been taken to ensure these provide comprehensive information on accessing, processing and sharing data?

What percentage of data derived from public services is available in digital format? Are measures in place to expand digitization of data?

How have institutions ensured that the process of accessing data is easily understandable, e.g., is there a central portal to facilitate data access and sharing?

*What formats have been chosen for capturing the datasets (e.g., CSV, JSON, APIs, Excel)? Have these formats been tested for machine readability and ease of use? How often is the data updated?

What systems are in place to assess and assure the quality and validity of data that is shared? Which office is responsible for ensuring data quality and data harmonization across government institutions? Is the source of truth for information domains clearly established?

What feedback mechanism is in place for users to report issues with data quality, access or usability? How is feedback incorporated and acted upon?

What policies have been developed to ensure that historical data remains accessible and is archived in a usable format?

‍

A central, accessible, user-friendly data portal has been created, with real-time and dynamic data updates; it is used frequently by government agencies.

ITU Definition of Open Standards: https://www.itu.int/en/ITU-T/ipr/Pages/open.aspx

Data Space Support Centre Collection of Open Standards & Technology: https://dssc.eu/space/SE1/185794608/Data+Interoperability+standards+and+technologies+landscape

ODI Open Standards for Data: https://standards.theodi.org/introduction/types-of-open-standards-for-data/

‍

‍

What steps have been taken to create an institutional culture of data-sharing and data (re-) use? Does this culture account for people's needs and interests? If not, are there plans for a national roadmap or programme to build a data culture?

Describe the continuous training programmes available for staff to build the skills and culture needed to encourage data-sharing and reuse.

Is there a social license for data reuse established through a meaningful and inclusive participatory process?

*What are the incentive structures and policies for government entities to access, share and use data for the public interest, for public administration and for decision-making? How is the effectiveness of these incentives measured?

‍

A wide range of actors actively participate in data exchange and reuse data in the public interest.

OECD: https://www.oecd.org/en/publications/enhancing-access-to-and-sharing-of-data_276aaca8-en.html

AFD: https://www.afd.fr/en/ressources/responsible-data-re-use-developing-countries-social-licence-through-public-engagement

ODI Data Skills Framework: https://learning.theodi.org/courses/data-skills-framework

‍

What cyber security regulations (including in case of data breach) are in place? Has the country signed the Budapest Convention on Cybercrime?

What guidelines (e.g., on passwords, system back-ups, software updates) and enforcement mechanisms (e.g., a cyber security threat assessment) are in place?

How have the roles and responsibilities around cyber security been made clear? Are sufficient capacities in place (including skills, systems and processes)?

What is the national policy on data storage and handling? Is it centralized, decentralized, federated?

What provisions have been made for data traceability and to ensure that a specific data exchange event took place?

What data continuity plan is in place? What steps should be taken in the event of critical failure with regard to data storage?

‍

The Budapest Convention on Cybercrime has been signed and cyber security regulation is in place. Regular threat assessments, as well as clear protocols in cases of un- authorized use or data breaches enable quick responses.

Council of Europe Budapest Convention on Cybercrime: https://www.coe.int/en/web/cybercrime/the-budapest-convention

UN System Chief Executives Board for Coordination on Cyber Security: https://unsceb.org/topics/cybersecurity

‍UNDP 'Drafting Data Protection Legislation: A Study of Regional Frameworks' (2023): https://www.undp.org/publications/drafting-data-protection-legislation-study-regional-frameworks

Data Spaces building block on data traceability: https://dssc.eu/space/bv15e/766068145/Provenance+&+Traceability

‍

Does a national policy exist with physical, technical and organizational safeguards to protect data (e.g. a data protection & privacy law)?

To what extent do government policies include data minimization for collecting, storing and handling data? Is there a purpose limitation for personal data?

To what extent are data protection laws/policies operational and enforced? Does the country have an independent data protection authority?

Are there exceptions for government from data protection obligations? Are these made public?

What is the national approach to digitally verifiable credentials? Is there a clear consent process that articulates to the individual what data they are consenting to share, for what purpose, with whom, for how long, and how they can revoke that consent?

Is there a way for individuals and groups to see who has accessed their data, when and for what purpose? Can individuals control access to their data? Are these interfaces designed with accessibility, and usability in mind?

‍

A national data protection law is in place and includes policies on data minimization and purpose limitation. It is is fully enforced through a well-resourced data protection authority.

UNDP 'Compendium of Data Protection and Privacy Policies and other Related Guidance within the United Nations Organisation and other Selected Bodies of the International Community', (2021): https://unstats.un.org/legal-identity-agenda/documents/Paper/data_protecton_%20and_privacy.pdf

The Council of Europe Convention 108+: Convention on the Protection of Individuals with Regards to Automated Processing of Personal Data: https://www.coe.int/en/web/data-protection/convention108-and-protocol‍

African Union Convention on and Personal Data Protection: https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection

‍