Beyond Privacy
Privacy law may address personal information, but Indigenous Data Sovereignty can also involve collective interests, community governance, and Nation-specific authority.
Indigenous Data Sovereignty
Indigenous Data Sovereignty requires more than compliance. It requires authority, consent, stewardship, and community control.
DSCC supports Indigenous Data Sovereignty alignment by developing education, governance resources, standards alignment tools, and operational frameworks that help organizations respect Indigenous authority over Indigenous data. DSCC’s role is to support alignment and readiness — not to replace Indigenous authority, Nation-specific protocols, or community-controlled governance.
Understanding the Issue
Indigenous data is not just another data category.
Indigenous Data Sovereignty recognizes that data connected to Indigenous Peoples, Nations, communities, lands, services, culture, histories, governance, and collective interests may carry responsibilities that ordinary data governance frameworks do not fully address.
Where Indigenous data is collected, stored, analyzed, shared, commercialized, or used in AI systems, organizations must consider more than privacy compliance. They must consider authority, consent, stewardship, access, possession, use restrictions, cultural protection, and the governance protocols of the relevant Indigenous Nation, government, community, or organization.
Beyond Storage
The question is not only where data sits, but who governs it, who can access it, how it can be used, and whether it can be returned or deleted.
Beyond Consent Forms
Consent must be meaningful, contextual, and aligned with the authority and protocols of the Indigenous community or organization involved.
Beyond Compliance
Compliance is not the same as respect, stewardship, or sovereignty alignment.
DSCC’s Role
DSCC’s role: alignment, education, and operational readiness.
DSCC can help organizations understand the governance questions they must ask, the evidence they may need to maintain, the restrictions they may need to respect, and the operational controls they may need to implement when Indigenous data is involved.
DSCC Can Support
- Education and awareness
- Alignment resources
- Governance readiness tools
- Training
- Standards alignment guidance
- Evidence preparation
- Future certification-alignment pathways
- Responsible organizational practices
DSCC Cannot Replace
- Indigenous authority
- Nation-specific protocols
- Community consent
- Indigenous governance systems
- Treaty rights
- Legal duties
- Community-controlled decision-making
- Direct relationships with the relevant Indigenous authority
Community Authority
Community authority comes first.
Where data relates to an Indigenous Nation, community, organization, people, lands, programs, services, culture, or governance, authority cannot be assumed by the organization holding the database. The relevant Indigenous authority may have governance expectations, protocols, agreements, or decision-making processes that must be respected.
Sovereignty alignment begins by asking who has the authority to decide how the data is collected, stored, used, shared, analyzed, retained, returned, or deleted.
Consent
Consent must be meaningful, specific, and governed.
Consent involving Indigenous data should be understood in context. It may require more than individual permission or a generic data-use clause. Depending on the data and the community involved, consent may need to reflect collective interests, community protocols, governance agreements, and clearly defined limits on use.
Organizations should be able to show what was approved, who approved it, what uses were permitted, what uses were restricted, and how consent or permission can be reviewed, updated, or withdrawn.
Stewardship
Stewardship is not ownership.
Organizations that hold Indigenous data may be acting as stewards, processors, service providers, researchers, vendors, or custodians. Possessing data in a system does not automatically create unrestricted authority to use, share, commercialize, train models on, or retain that data.
Sovereignty alignment requires clarity about who controls the data, who holds it, who can access it, who can authorize new uses, and what happens when the relationship ends.
Data Custody
Who physically or technically holds the data?
Data Control
Who has authority to decide how the data is used?
Access Rights
Who can view, export, transfer, or share the data?
Return and Deletion
What happens when permission ends, a contract expires, or a community requests return or deletion?
Cultural Protection
Some data requires cultural protection.
Indigenous data may include information connected to culture, language, land, heritage, ceremonies, traditional knowledge, community history, governance, health, children and families, or other sensitive collective interests. These contexts may require restrictions that go beyond standard privacy, security, or research compliance.
Organizations should avoid treating culturally sensitive information as ordinary content, open data, training data, or reusable material unless the relevant Indigenous authority has clearly permitted that use.
AI & Secondary Use
AI and secondary use require explicit limits.
Indigenous data should not be treated as automatically available for new analytics, product development, AI model training, automated decision-making, commercialization, or secondary research simply because an organization has access to it.
Where Indigenous data may be used in AI systems, organizations should be able to show whether the use was authorized, whether model training is permitted, whether outputs can be shared, whether vendors can access the data, and whether the data can be removed, restricted, or returned.
Model Training
Can the data be used to train or fine-tune AI models?
Automated Decision-Making
Can the data influence automated decisions affecting people, services, funding, or governance?
Vendor Access
Can third-party AI vendors view, process, store, or reuse the data?
Secondary Research
Can the data be reused for purposes beyond the original approval?
Commercialization
Can the data support products, services, intellectual property, or revenue?
Deletion and Model Removal
Can the data be deleted, excluded, or removed from downstream systems where required?
If Indigenous data may enter an AI system, the organization should treat that as a separate governance
decision — not an assumed extension of the original data collection.
Advisory Governance
Indigenous Advisory Circle
DSCC’s Indigenous Data Sovereignty work should be guided by an Indigenous Advisory Circle that provides advisory input on Indigenous-related standards, training, resources, terminology, alignment criteria, and engagement practices.
The Circle’s role is to help ensure DSCC’s work in this area is respectful, informed, accountable, and alert to risks of overreach, misrepresentation, or appropriation.
Responsibilities
- Review Indigenous Data Sovereignty resources
- Advise on terminology and public-facing language
- Review Indigenous-related training content
- Advise on alignment criteria
- Identify risks of overreach or misrepresentation
- Support respectful engagement practices
- Provide guidance on community-controlled governance considerations
Pathways
Choose the pathway that fits your role.
DSCC supports both Indigenous governments, Nations, communities, and organizations seeking resources — and organizations that handle Indigenous data and need to understand alignment responsibilities.
For Indigenous Governments & Communities
Access DSCC updates, Indigenous Data Sovereignty resources, governance templates as they become available, training opportunities, and pathways for engagement or partnership.
For First Nations, Métis organizations, Inuit organizations, Indigenous governments, Indigenous-led organizations, and community organizations.
For Organizations Handling Indigenous Data
Understand the governance questions, evidence expectations, consent requirements, AI restrictions, vendor risks, and future certification alignment criteria that may apply when Indigenous data is involved.
For corporations, governments, public institutions, universities, researchers, technology vendors, consultants, AI companies, and health and social service providers.
Resources
Resources in development
DSCC will develop resources to support education, governance readiness, and operational alignment where Indigenous data is involved. Some resources may be public, while others may be available through membership, training, or approved access pathways.
Indigenous Data Sovereignty Overview
A plain-language introduction to key governance questions and alignment considerations.
Coming SoonCommunity Data Governance Checklist
A practical checklist for identifying authority, consent, stewardship, access, use, return, and deletion considerations.
Coming SoonIndigenous Data and AI Use Considerations
Guidance on AI training, secondary use, vendor access, automated decision-making, and model governance.
Coming SoonData-Sharing Agreement Readiness Guide
A readiness guide for organizations preparing to document data-sharing terms, restrictions, responsibilities, and review processes.
Coming SoonBuild Indigenous Data Sovereignty alignment with care, evidence, and respect.
Whether you represent an Indigenous government, Nation, community, or organization — or an institution that handles Indigenous data — DSCC can help start the right conversation.