Blog · Review Essay · Last reviewed June 25, 2026

All Data Are Local and the Data Setting

Yanni Alexander Loukissas's All Data Are Local: Thinking Critically in a Data-Driven Society is a compact warning against one of the most durable fantasies of the AI era: that data can be lifted out of the world, scaled up, and made authoritative without carrying the marks of its origin. The book's value is not only its claim that data have context. It is the practical discipline of asking what setting made a data set possible before an institution turns it into evidence, prediction, or automated action.

For this review, a data setting means the whole situated apparatus that makes a record usable: source, instrument, collector, category, interface, update practice, audience, permission, and downstream decision. Locality is therefore not only geography. It is the evidence that tells a future model, buyer, auditor, or affected person what the data can still honestly claim.

The practical test is setting fit: whether the source setting, transformation setting, interface setting, and deployment setting are close enough for a record to bear the authority being placed on it. When those settings diverge, a dataset can remain technically accurate while becoming institutionally false.

The Book

All Data Are Local was published by MIT Press in 2019, with an ebook and hardcover listed for April 30, 2019 and a paperback listed for May 3, 2022. The MIT Press page gives the ebook ISBN as 9780262352222, the hardcover ISBN as 9780262039666, the paperback ISBN as 9780262545174, and lists the book as 266 pages with 60 color illustrations. Information Research reviewed the 2019 hardcover as xix plus 245 pages; some catalog and retail records differ slightly, so this review treats MIT Press as the controlling bibliographic source and uses the other records only as reception and catalog context.

Loukissas is a digital media scholar at Georgia Tech and the author of Co-Designers: Cultures of Computer Simulation in Architecture. The book grows out of a design-and-computation sensibility rather than a purely abstract theory of data. Its central move is to replace the phrase "data set" with the more demanding phrase "data setting": the local environment of instruments, institutions, maintenance work, formats, conventions, audiences, interfaces, and assumptions that allows data to exist as data.

A data setting is not just background context. It is the active production environment for evidence: the orchard, archive, newsroom, housing market, form, sensor, taxonomy, labor practice, update schedule, database schema, and public interface that decide what can be counted and how the count can travel. That definition matters because AI systems often inherit data after the setting has been stripped from view.

That makes locality an audit property, not a sentimental attachment to place. The question is not whether a record is parochial or global. The question is whether its source conditions, categories, maintenance work, and intended audience survive the journey into a model, dashboard, procurement file, answer engine, or automated decision.

The case studies are deliberately mundane and public-facing: Harvard's Arnold Arboretum, the Digital Public Library of America, the UCLA Television News Archive, and Zillow. That choice matters. The book is not only about secret state databases or exotic machine-learning systems. It asks readers to notice that even familiar, civic, searchable, apparently benign data collections are made under local conditions that shape what can later be known.

Current Context

As of June 25, 2026, Loukissas's argument is no longer only a cultural critique of datasets. It has become a live AI governance problem. Article 10 of the EU AI Act makes data governance for high-risk AI systems depend on collection processes, original purpose, annotation, cleaning, assumptions about what the data are meant to measure, bias examination, gaps, and the specific geographical, contextual, behavioural, or functional setting of use. Article 53 and the European Commission's training-content summary template add a public-transparency layer for general-purpose AI training content. NIST's AI Risk Management Framework frames risk management as a lifecycle process rather than a one-time dataset check.

Security agencies now treat the same issue as supply-chain risk. The 2025 AI Data Security guidance from NSA, CISA, FBI, and international partners focuses on data provenance, trustworthy sourcing, integrity checks, secure storage, data drift, poisoning, and logging the path data follows through an AI system. MLCommons' Croissant metadata work points in the same operational direction by making dataset attributes, provenance, licensing, loading, and usage restrictions more machine-readable. None of these artifacts makes data self-explanatory. They make Loukissas's setting question harder to evade.

The current discipline is setting continuity. A model, retrieval system, benchmark, dashboard, or public-service workflow should preserve the chain from source setting to transformation setting to interface setting to deployment setting. When that chain breaks, a record can still be syntactically valid while losing the authority that justified acting on it.

The Myth of Portable Data

The most useful AI-era lesson in All Data Are Local is that portability is never innocence. A spreadsheet, archive export, API response, training corpus, vector database, or benchmark can travel, but it does not travel empty. It carries naming conventions, missing fields, collection priorities, transcription errors, sensor limits, institutional incentives, update rhythms, and old decisions about what was worth recording.

That is an immediate challenge to model-mediated knowledge. Foundation models are often described through scale: tokens, parameters, compute, benchmarks, users, latency, cost. Loukissas pushes attention in the opposite direction. Before asking what a model can infer from data, ask how those data became available, who made them orderly, what local knowledge was stripped away, which communities were over-recorded or absent, and which future uses were never part of the original bargain.

The portability myth also turns consent into a false abstraction. A person, institution, or community may tolerate one use because the local setting gives it meaning: a plant record for stewardship, a news transcript for public memory, a housing listing for a sale, a library record for discovery. When the same record is joined to a broker file, fed into a model, or used to score a stranger, the action changes even if the field values do not.

This is the setting-fit failure in miniature. A field collected as a coordination aid can become a proxy for worth, risk, fraud, employability, health, creditworthiness, or trust. The data point did not have to be fabricated to become unfair. It only had to be detached from the conditions that made it meaningful and then used as if the new decision were the same kind of act as the old recordkeeping.

The book is especially strong against the fantasy of "raw data." Rawness is usually a social achievement disguised as nature. A record has been selected, formatted, translated, normalized, cleaned, visualized, searched, or made interoperable before it becomes useful to the next system. By the time an AI product presents an answer, the local work that made the answer possible has often disappeared behind the fluency of the interface.

Interfaces Change the Data

One of Loukissas's six principles, as summarized by MIT Press, is that interfaces recontextualize data. This is a sharper claim than saying interfaces display data. A search page, dashboard, map, timeline, autocomplete menu, model response, or retrieval result changes the relation between a user and a record. It foregrounds some fields, hides others, creates defaults, ranks relevance, suggests comparisons, and gives the collection a social role.

That point lands hard in the AI transition. A source document inside an archive is one thing. A snippet in search is another. A generated answer that compresses the source into confident prose is another again. Each interface narrows and expands reality differently. It changes what counts as salient, what feels authoritative, what becomes shareable, and what future systems may ingest as a clean account of the world.

The interface can also change the audience. A database built for specialists may become a consumer product. A public record built for accountability may become a surveillance feed. A research corpus may become a commercial training source. A model summary may reach people who cannot see the archive, the uncertainty, or the labor behind it. Recontextualization is therefore a governance event, not only a design event.

An interface is therefore a second data setting. Default sorting, color scales, labels, search facets, autocomplete suggestions, map boundaries, warning badges, confidence scores, citation placement, and missing-field handling decide how the record can be acted on. An audit that checks only the database and not the delivery interface misses the place where evidence becomes behavior.

This is why data governance cannot stop at provenance labels or dataset documentation, although both matter. The interface that delivers data is part of the evidence system. A welfare portal, hiring dashboard, police intelligence screen, medical triage chatbot, school analytics page, or corporate copilot can make a local record feel like general truth. The user's next action is shaped not only by the data but by the form in which the data arrives.

Algorithm and Archive

Information Research's review is helpful because it notices the book's attention to algorithm-data entanglement. In the UCLA Television News Archive case, Loukissas examines word patterns around election coverage and shows how transcription and analysis conditions affect what the algorithm can surface. The lesson is not that computation is useless. The lesson is that algorithms and data function together inside contingent, material, and historical circumstances.

That should sound familiar to anyone evaluating AI systems. A benchmark is not just a score. It is a task definition, dataset history, grading convention, leakage risk, prompt format, and community of people who decide whether the result matters. A model evaluation is not just a number. It is an instrument built from old examples and present assumptions. A retrieval system is not just recall. It is an index, a chunking strategy, a ranking policy, and a decision about what sources deserve to be near the answer.

For retrieval-augmented systems, setting fit must include the index. The same archive becomes different evidence when it is chunked by paragraph, page, speaker, field, timestamp, or image; when stale records remain beside updated ones; when embeddings blur names or places; when rerankers privilege recent, popular, or licensed sources; and when the answer interface hides the sources it did not retrieve.

Loukissas gives language for refusing the split between technical and social explanations. When a system succeeds, its success depends on local work. When it fails, the failure is often local too: a category that never fit, a sensor that missed the important event, a transcript that mangled speech, a form that forced people into the wrong field, a dashboard that converted uncertainty into color.

Recursive Reality

The book becomes most relevant when data stop merely describing institutions and begin governing them. A collection makes a place legible. The institution acts on that legibility. People adapt to the action. The adaptation produces new records. The next model treats those records as evidence. The loop then claims the authority of the world it helped make.

That loop is visible across contemporary AI systems. A platform ranks content, creators optimize for the ranking, and the optimized content becomes the platform's evidence of user preference. A school measures learning through machine-readable artifacts, students produce work for the artifacts, and analytics systems summarize the changed behavior as education. A workplace turns labor into tickets, commits, chat logs, keystrokes, and productivity metrics, then trains tools that define good work through the trace left by earlier tools.

This is not just feedback. It is setting conversion. A record created to support one practice becomes a rule for reshaping that practice, and the reshaped practice produces cleaner records for the rule. Once that loop is running, local knowledge can be displaced by the behavior that best satisfies the measuring interface.

All Data Are Local helps slow that loop down. It asks where the data came from, but also where the data returned. Did a model simply learn from a setting, or did it begin to manage the setting? Did an archive preserve local knowledge, or did an interface flatten it into a portable signal? Did a data set support public understanding, or did it become a control surface?

Governance and Safety

As of June 25, 2026, the governance vocabulary had partly caught up with Loukissas's warning. Article 10 of the EU AI Act requires high-risk AI systems that use training, validation, or testing data sets to apply data governance and management practices appropriate to the intended purpose. The official AI Act Service Desk text names collection processes, origin, original purpose for personal data, annotation, labelling, cleaning, updating, enrichment, aggregation, assumptions about what the data are supposed to measure, bias examination, mitigation, and relevant data gaps.

Article 10 also says data sets should account for the specific geographical, contextual, behavioural, or functional setting in which the high-risk system is intended to be used. That sentence is the legal version of the book's core discipline: a dataset that works in one setting can mislead in another. A hiring model, benefits system, classroom analytics tool, medical triage product, or policing dashboard cannot safely inherit records as if they were universal facts.

Article 53 and the European Commission's July 24, 2025 template for public summaries of general-purpose AI training content move the issue upstream for model providers. A public training-content summary is not the same as a complete data setting, but it creates a baseline expectation that training content has a describable origin, scope, and structure. NIST's AI Risk Management Framework supplies a broader lifecycle frame: govern, map, measure, and manage risks across design, development, use, and evaluation. In local-data terms, "map" means more than drawing a system diagram. It means mapping the setting that made the data meaningful.

Security guidance now points the same way. The May 2025 AI Data Security guidance from NSA, CISA, FBI, and international partners treats the data supply chain, maliciously modified data, and data drift as core AI security risks. Its practical recommendations include reliable sourcing, provenance tracking, cryptographic integrity checks, secure storage, and logging the path data follows through an AI system. That turns data setting from a humanities insight into an operational security control.

Dataset documentation practices make this operational. Datasheets for Datasets asks dataset creators to document motivation, composition, collection, preprocessing, recommended uses, and maintenance. Data Cards treat documentation as a human-centered product for multiple audiences across the dataset lifecycle. The Data Provenance Initiative's audit of more than 1,800 text datasets found severe licensing and attribution gaps, including many unspecified or miscategorized licenses on dataset-sharing platforms. Those findings make Loukissas's argument concrete: local data settings disappear not only philosophically, but administratively.

MLCommons' Croissant work shows how this problem is moving into metadata infrastructure. A dataset can carry machine-readable fields about creators, licenses, distributions, variables, provenance, loading instructions, and usage restrictions. Croissant 1.1 adds machine-actionable provenance and structured usage policies, which is useful for procurement and audit, but it is still only an artifact. Metadata can be stale, copied, incomplete, or contradicted by the source setting. A setting-fit review should therefore test metadata against source evidence rather than treating a well-formed card as truth.

The practical governance test is a setting-fit review. Before an institution buys, builds, or launches a model, retrieval system, dashboard, or automated decision workflow, it should ask whether the data setting matches the deployment setting. If the answer depends on a vendor assertion, copied metadata field, or broad category such as "web data," the system is not ready for high-impact use. Procurement files, algorithmic impact assessments, audit trails, and model documentation should preserve the same chain: origin, transformation, interface, intended use, disallowed use, affected population, and recourse.

A setting-fit review should be versioned, not treated as a one-time signoff. It should record the source setting, transformation setting, interface setting, deployment setting, monitoring trigger, and correction path. If a data pipeline changes units, labels, geography, collection method, retention rule, ranking policy, or user population, the old review no longer describes the system that is acting.

The practical artifact is a data-setting file. It should name the source authority, original purpose, collection instrument, population covered, people excluded, schema and category definitions, consent or legal basis, transformation history, joins and enrichments, inferred fields, update cadence, retention limits, known gaps, interface choices, permitted and prohibited uses, deployment setting, reviewer, recourse route, and retirement trigger. That file belongs beside AI data provenance, training-data governance, AI system inventories, and AI audit trails.

The safety implication is plain. High-impact AI deployments need data-setting records: source and authority, collection purpose, instruments and interfaces, category definitions, excluded populations, update cadence, transformations, known gaps, consent or legal basis, permitted uses, contestation path, and the downstream action the system will take. Without that record, a model can turn local traces into portable authority faster than affected people can explain why the trace is wrong.

For public agencies and high-impact private systems, part of that record belongs in public-facing registers. The public layer does not need raw personal data, model weights, or security-sensitive source paths. It does need to say what data asset exists, what decision it supports, who maintains it, when it was reviewed, what limits are known, and how an affected person can challenge the record.

Where the Book Needs Friction

The book predates the current foundation-model boom, large-scale generative AI deployment, data-center politics, synthetic media pipelines, agentic tools, and the regulatory fights around training-data disclosure. Readers should not expect it to answer those questions directly. Its examples are data studies examples, not frontier-model governance cases.

There is also a risk in making "locality" too elastic. If every record has many attachments to many places, the word local can begin to mean context in general. The practical value comes back when the reader asks specific questions: which instrument, which institution, which audience, which interface, which update practice, which field, which excluded person, which future decision?

The book is strongest as an inspection habit, not as a total theory. It does not replace political economy, labor analysis, privacy law, civil-rights enforcement, infrastructure governance, or security engineering. It gives those fields a missing first move: do not let a data set enter the room as if it had no biography.

Locality also should not become a veto against generalization. Science, public administration, and civil-rights enforcement often need portable categories, shared records, and comparable measures. The question is not whether data may travel. The question is whether the travel preserves enough memory for people to know what the data can no longer honestly claim.

Another friction point is disclosure. Documenting locality can expose sensitive details about people, communities, workers, source systems, security posture, or trade secrets. The answer is not secrecy by default. It is access-tiered evidence: public summaries, buyer and auditor records, regulator access, protected annexes, and privacy-preserving correction channels that let important claims be tested without turning documentation into another harm.

What This Changes

Read in 2026, All Data Are Local turns into a simple audit question for AI systems: what is the data setting behind this claim, score, retrieval result, benchmark, or automated action?

That question should be asked before procurement, deployment, publication, and appeal. What was collected? Who collected it? Under what authority? For what original purpose? What instruments and interfaces shaped it? What categories did it impose? What local knowledge did it preserve or erase? How was it cleaned? What was joined to it? Who can contest it? What happens when the system acts on it and produces new records?

A serious review should return one of four outcomes: the setting fits; the setting fits only with documented limits; the setting does not fit and the system needs redesign; or the reviewer cannot tell because the evidence record is missing. The fourth answer should not be converted into trust by procurement pressure, vendor confidence, or a polished interface.

The book's deeper warning is about humility. Data can travel farther than the conditions that made it meaningful. AI systems accelerate that travel by turning situated records into general answers, predictions, scores, summaries, and actions. Good governance keeps the setting attached. Bad governance lets the interface pretend that the setting never existed.

Source Discipline

This review separates four kinds of evidence. MIT Press and the author page establish bibliographic details, the book's cases, and Loukissas's own framing. Reviews establish reception and limits. AI Act, European Commission, and NIST sources establish current governance context. Dataset-documentation and provenance papers establish technical-documentation practice and empirical gaps in the data ecosystem.

Those sources do not support a simple claim that every dataset is unusable outside its birthplace. They support a narrower and more useful claim: data can travel responsibly only when the receiving institution keeps enough setting attached to evaluate purpose, fit, consent, bias, maintenance, and contestability. The source discipline is also temporal: current legal and standards claims should be checked against official texts, while book interpretation should stay anchored in Loukissas's cases and stated principles.

Source discipline also means preserving artifact boundaries. A training-content summary is not a full data audit. A Data Card is not proof of lawful use. A provenance log is not a privacy guarantee. A security certification is not a civil-rights review. Each artifact answers a different question, and the review should say which question remains unanswered.

This article makes no claim that any AI system is conscious, divine, or AGI. It treats data systems as institutional machinery for turning local records into claims, scores, summaries, and actions.

Sources

Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.


Return to Blog · Return to Books