Data governance is not the same as data privacy, protection, or security. And it can not be reduced to any of those either as it does none of the terms any favours. They do need to be considered separately. However, not only separately as they also need to be considered together. Therefore, while they are separate parts, they are a part of a whole as well.
Data Governance also suffers when we only consider it from a single organisation point of view. Obviously, this is important, but I am not aware of any organisation that only works with itself having no interaction with an external entity. I found the Wikipedia definition helpful as it distinguishes between the macro and micro level. Unfortunately, Wikipedia’s macro level appears to only focus on international borders, not acknowledging ‘industry’ wide data governance. The humanitarian sector is full of data goverannce issues as we recognise we need to work together more than individually as organisations.
The ‘micro level’ definitions tend to be high level views of data management. Therefore, they focus on decision rights, accountabilities, controls, rules and definitions (For example, see this framework). And yes, aspects of this can be extrapolated to industry wide interactions.
However, unfortunately too many of these frameworks and definitions forget or leave out the reality of data ecosystems. They leave out humans. Data governance must acknowledge and address issues of power and politics for it to be more than an academic exercise. It must acknowledge the context in which the data is collected, processes, used, and hopefully deleted. And this context has inbuilt bias, power dynamics, capacity, and political dimensions.
And this is the hard part. Perfecting a model is one thing, applying good governance in a context and an industry is a very different endeavour.