Village Governance CourseModule 2 of 8
All modules
Module 2Foundations40–50 min

What indigenous data sovereignty adds

This module examines what indigenous data sovereignty contributes to governance that conventional enterprise practice does not supply. This is not a detour from governance — it is governance. Indigenous data governance has worked out, in operational detail, a set of concepts — collective rights, stewardship responsibilities, relational provenance, context-bounded use, and authority structures beyond individual consent — that mainstream corporate governance has largely left undeveloped. A board need not be indigenous to benefit from those concepts; it needs only to govern data whose meaning, ownership, and legitimate use are more complex than an access-control list can capture.

Te reo Māori & indigenous governance — offered in good faith. This module discusses indigenous data sovereignty for a governance audience and translates each concept into plain language. It is not authoritative cultural guidance; we welcome correction from mana whenua and cultural advisors.

2.1 Beyond ownership and consent

Conventional corporate data governance is organised around a familiar set of questions: who owns the data, who may access it, what compliance obligations apply, and how it can be processed efficiently at scale. These are real questions and they matter. But they assume that ownership and consent are sufficient to settle legitimacy — that once an owner is identified and consent is obtained, the data may be used however the owner sees fit. Indigenous data sovereignty rejects that assumption as incomplete.

Instead, it asks a wider set of questions. Not only who can access the data, but who has the authority to define what counts as a legitimate use. Not only who holds title, but what relationships the data belongs within — the people, the community, the place, and the history that give it meaning. Not only what is permitted, but what obligations attach to holding the data at all. And critically, how collective interests are protected over time, beyond the moment of an individual transaction. Authority, in this view, can sit with a collective body rather than with whoever happens to operate the system or click "agree".

Village AI applies this distinction directly. It contrasts a centralized model of AI — governed by a single corporate constitution, optimised for scale, and offering the same defaults to everyone — with a federated approach in which each community defines its own values, controls its own data, and requires the AI to adapt to those values rather than the other way round. That reframes AI from a universal assistant, neutral and identical for all, into a constitution-bearing institutional actor: a participant that carries, and must answer to, the governance values of the community it serves.

Teaching point: Ownership and consent answer "who holds it" and "who said yes". Indigenous data sovereignty adds "who has authority to define legitimate use", "what relationships and obligations attach", and "how collective interests are protected over time" — questions enterprise governance rarely asks explicitly.
Bridge question: If your board adopted an AI tool today, whose constitution would it be operating under — the vendor's, or your community's — and where is that written down?
Key teaching points
  • Collective rights and authority-to-control are structurally different from end-user consent: a single individual agreeing to a use does not exhaust the question of whether that use is legitimate for the collective.
  • Provenance and relationship matter because meaning changes when records are detached from their originating context — the same data can be accurate and still misused once it is stripped of the relationships that explain it.
  • Federation reframes AI as a constitution-bearing actor: instead of one optimisation logic for everyone, each community sets the values the system must serve.
External reading
Discussion topics
  • Where does your organisation already manage information that is collectively held rather than individually owned?
  • What governance concepts in your domain resemble stewardship, guardianship, or collective authority?
  • What would respectful adaptation of indigenous governance insight look like in a mainstream board?

2.2 Why this generalises to all boards

It would be a misreading to treat these concepts as relevant only to indigenous communities. The deeper point is general: governance quality improves whenever records and systems are designed to preserve authority, context, provenance, and contestability, rather than flattening everything into generic, interchangeable enterprise data. Indigenous data governance is valuable to every board precisely because it has had to make these properties explicit and operational, where mainstream practice has been able to leave them implicit — and therefore unprotected.

Consider what flattening costs. When a record is collapsed into a generic field, the question of who has authority to control its use disappears into whoever holds the login. When context is dropped, the meaning that depended on that context becomes unrecoverable, even though the data looks intact. When provenance is not preserved, a board cannot later distinguish a recommendation it endorsed from one it merely received. And when contestability is engineered out — when there is no room in the record for dissent, qualification, or an alternative reading — the system quietly converts plural judgements into a single, unchallenged version of events. None of these costs are unique to any culture. They are governance failures that any board can suffer.

Teaching point: Governance architectures should preserve plural values rather than collapse them into a single optimisation logic. A system tuned only for scale and efficiency will, by default, erase the very properties — authority, context, provenance, contestability — that a board later needs to explain and defend its decisions.
Discussion topics
  • Which of your records lose meaning when detached from context?
  • Where do you collapse plural values into one metric?
  • Who holds authority-to-control, distinct from who owns?
Self-check

1. What does indigenous data sovereignty add that ownership-and-consent governance typically omits?

It widens the question beyond title and permission to authority, relationship, obligation, and enduring collective interest.

2. Why is collective authority described as structurally different from end-user consent?

Consent operates at the individual transaction; collective authority concerns who may legitimately define use on behalf of the group.

3. How does this insight generalise to non-indigenous boards?

The generalisable lesson is to preserve plural values rather than collapse them into a single optimisation logic.

Completing the module saves your progress on this device.
← Module 1 Module 3 →

Useful so far? Share Module 2 with a colleague, or show a QR code to scan.