data trusts: old tool, new purpose

On its own, data is a little mundane i.e. bits and bytes, and rather worthless.? Data, however, very rapidly gains value through connection and context. This is what motivates most groups to want to mine data for monetary value; hidden from sight from many who do not understand or realise its potential. Perhaps hence, & for the most part, its value has gone unnoticed, ungoverned and ignored; and is often contained, conflated with the notion of the need for privacy.

Allow me to illustrate this with a couple of thoughts; & muse around the concept of the 'data trust' as a likely way forward.

A map (illustrated below, from 2018) of citizens (or people) who trust doctors and nurses (by country), is often also a proxy of how dependable professionals are, as perceived by the general public (or customers, people, the person on the street).

After all, these same folk (doctors and nurses) are custodians of what many of us consider our most private information, our personal health records. Information however, that we will readily provide in exchange for advise on, in some cases, matters of life and death. After all, what 'choices' exist when, lying in bed with that painful (*&%, the physician administrator asks if we allow the doctors to view our clinical record. A patient has little by way of bargaining power in this scenario, when it comes to the use of clinical data.

Whilst it is true that we, as individuals, are primarily responsible for managing and protecting our own privacy; it is also true that none of us really, really have much control at all. Similar to the situation in the clinic, where the context demands (that is relative urgency - a medical emergency and barely sufficient time). And in the most general context, before browsing an article online, many of us don't take the time nor can be expected to read the lengthy terms and conditions or evaluate all the risks every time we use a service. "That’s like asking each of us to assess whether the water we drink is safe every time we take a sip.", someone wise once said. So, we end up saying 'Yes'; and then hoping for the best. Or, depending on & leaving the decision those who actually know.

So, what if we had someone to stand up for our data rights, an equivalent of a doctor to make smarter data decisions on our behalf, with our interests at heart?

This has led to the concept of a trust (as in concept if a fiduciary?relationship in which one party, the trustor, gives another party, the trustee, the right to traditionally hold title to property or assets?for the benefit of a third party, the beneficiary). Or, more specifically, the concept of a data trust. In a data trust, trustees would look after the data or data rights of groups of individuals. And just as doctors have a duty to act in the interest of their patients, data trustees would have a legal duty to act in the interest of the beneficiaries.??Theoretically, a trust could allow a group of individuals to pool their data and make it available for common interests, such as medical research, that benefit many instead of one organisation's interests or bottom line.? Other possible structures (or mechanisms), include data cooperatives and data unions, that could tackle similar problems in different ways. Together, these old but revived governance models could help us regain control of our data, enforce our rights, and ensure that data sharing benefits us all. Are they sufficiently dependable?

The structure and function of a data trust is relatively nascent. So, what may this structure look like in practice? As an imaginary example, groups of a social media group of users could create a data trust. Its trustees would then determine under what conditions the trust would allow the company to collect and use the trustee’s data. And the same trustees could, for example, set rules about the types of targeting or activity types allowable or not; with the rights to retract its use in cases where it felt was necessary. Data trustees could weigh individual interests against collective benefits and harms; and take the side of the collective. The same trust could negotiate terms and conditions on its trustees behalf allowing it to exercise the rights as producers of data.

If data trusts existed, it would certainly level the playing field. But, why would data hungry companies agree to this? This only serves to skew the balance against their needs. Utopia for the rest of us? Not quite.

The creation of a trust is the easy part, along with the introduction of the concept. Unresolved challenges remain. These challenges lie in the governance of data collection and use of personally identifiable data; maintenance access to de-identified data; licensing of data derived and exemptions for the use of this data remain unsettled. And, does the use of a data trust raise even more significant or, unsurmountable set of governance challenges? Especially as the thought of monetising data is introduced, along with greed as an alternative motivation? And what role does government play in this public good or asset called information?

.. devil is in the detail.

Allow me to indulge. First, there is data collection and use. What is collected is quite separate to what is used. Data collected that is ‘personally identifiable’ under privacy law, or 'not public', but the meta data subsequently processed & used could be. The second conflates several theories of data ownership, ultimately leaving the most sensitive data outside of trust protection. As the role of the trust is to index, host, and maintain public access to it; its use may be subject to audit, investigation, and enforcement. Then the trust is also limited in its ability to effectively enforce governance, especially as the scope of data collection and use is never constant. The “openness” of the data often affects how effective “managing” that data is. These functions are separate, and sometimes in direct conflict; and this limits the data trust’s access to management and enforcement powers. Finally, the data trust often has an ambiguous palette for resourcing, investigatory powers, and punitive authority. (also what are the potential challenges in conflict of interest when it comes time to additionally monetise existing data? .. but let's not confuse this further), And last but not least, this also varies by culture (and hence country) generally, as we have seen in the map above, in the way people view trust and of the professional community.

Is this an idea just waiting for someone to pick up and organise? Perhaps. The motivation behind it is neither 'benevolent or altruistic', nor is it 'economic or commercial'. Perhaps it's just a necessary cost if we want to preserve our privacy. (or is it?)

Selected References

Hardinges, J., "A data trust provides independent, fiduciary stewardship of data", Open Data Institute, Acc. 20 Jun 2021

Zarkadakis, G., ""Data Trusts" Could be the Key to Better AI", Harvard Business Review 10 Nov 2020, Acc 20 Jun 2021

Delacroix, S., Lawrence, N.D., "Bottom-up data Trusts: disturbing the 'one size fits all' approach to data governance", Oxford Academic, Acc 20 Jun 2021

Note: The views expressed in this article are my own, and do not reflect that of the company I work for, or the people I work with.