The imbalance of information and power between data subjects, those that provide personal data, and those that seek to exploit personal data, is often the root cause of many data issues. Private and public sector organisations alike are increasingly focused on how ethics may be applied to ameliorate these causes and provide a framework for good governance. One such model being explored is data trusts, which look to balance data commercialisation with ethical stewardship and consumer choice.
What are data trusts?
Data trusts are not trusts in the legal sense. Rather, they seek to replicate certain structural and governance features of trusts in bespoke contracting and corporate models. By introducing third party control, data trusts facilitate a more independent and transparent management of data, and the decisions that are made using it.
In practice this means that instead of organisations automatically becoming custodians of the data they collect, they permit a data trust to make decisions about its storage, security, use, disclosure, retention and divestment. Managers of a data trust, or “trustees”, are obliged to make responsible decisions regarding the data that fairly balance the interests of stakeholders, including the organisations collecting the data, users of the data and the people or processes from which data is collected.
Data trusts come in various forms and can cater to diverse sectors and objectives. In terms of participants, data trusts could be set up to benefit a single organisation, a group of organisations, or be a collaborative venture to benefit multiple organisations in the same industry. Structurally, some organisations and use cases may require the additional fiduciary duties that a separate legal entity may provide, while other circumstances may better call for a sophisticated contract clarifying roles, rights and obligations.
What opportunities do data trusts present?
Data trusts have broad potential applications in commercial, regulatory, and social contexts.
Commercially, data trusts could benefit businesses at various stages of their lifecycles. For example, large organisations could use data trusts to not only fulfil expectations of good data governance, but also to achieve better operational visibility of data. Groups of small businesses could also draw from shared information to help accelerate and improve their respective businesses, without the overhead expenses being borne by any one business.
In the regulatory context, data trusts are already being used to manage obligations under data protection and privacy laws around the world. One example is Trūata, a data trust that has IBM and MasterCard as foundation participants, which allows clients to draw critical analytics from customer data without falling foul of various national and regional privacy frameworks. Trūata collects de-identified customer data from clients then processes it through rigorous anonymising and privacy testing processes, before providing analytics back to the client in a manner than reduces the likelihood of data re-identification.
Public sector and not-for-profit organisations can also utilise data trusts to extract valuable learnings from data in a way that creates more distributed outcomes for stakeholders and safeguards personal privacy. For example, the Open Data Institute (UK) has recently worked with WILDLABS Tech Hub to set up a data trust for use in combating the illegal wildlife trade. By sharing image, sensor, acoustic and invoice data, the data trust helped train algorithms to assist both border staff and rangers identify instances of illegal wildlife hunting or trade. Data trusts in this space can help manage competing interests on best use of the data and achieve more sustainable outcomes model compared with legacy data-sharing models.
While data trusts are still in the early days of exploration and commercial roll-out, they seem poised to encourage more transparent, accountable and sustainable relationships within our ever data-driven world.
Authors: Andrew Hii, Claire Arthur and Bryce Craig