You click onto a new webpage and are immediately greeted with a pop-up notice. The notice fills the screen and halts scrolling until you provide an answer – do you give the webpage consent to access particular data, following which you can read its contents, or do you exit straight away before making the decision?
Interested in finding out more, you click the accompanying link, which takes you to a page filled with vast terms and conditions. You let out a familiar sigh. There is no chance that you will properly read them.
We are constantly faced with the choice of whether to grant access to our personal data. Such is the frequency of the situation that, when we do consent to access, it is unlikely that we have reviewed the terms sufficiently enough to have any idea what the consequences will be. Thus, when required to interact with the data ecosystem, we are immediately filled with doubt and mistrust.
In the interest of overcoming this great trust gap, the World Economic Forum (WEF) released an Insight Report in February 2022 which explores the opportunity to use data intermediaries to advance digital agency and improve data sharing.
So, you think you know what a data intermediary is?
Though the name may give some indication of the function, there are a variety of data intermediary models that currently exist at the ‘business-to-business’ level:
Data stewards: A data steward manages data rights and data reuse, identifies opportunities for cross-sector collaboration and responds to external requests for access to data, insights or expertise.
Data stewards can take a variety of forms, such as an organisation leader (for example, a chief data officer), a team within an organisation, or even an external entity with duties to act in the interests of a data rights holders.
Digital fiduciary: Similar to data stewards, digital fiduciaries assist individual clients to manage their digital selves. This requires the digital fiduciary to uphold the traditional fiduciary duties of care (by doing no harm) and loyalty (by not acting in conflict).
The WEF suggests that the fiduciary duties could be more expansively defined in this context to require both the enhancement of clients’ digital experiences and active promotion of their interests.
Data trust: A data trust is a repeatable framework of agreements based on trust or contract law, allowing data rights holders to delegate control of their data to a trustee.
The trust pools individuals’ power (i.e. that of the controllers of data) and the trustee (i.e. a third party) acts as an agent to make certain decisions about use or onward supply of data on their behalf, in the furtherance of stated purposes. The trustee is bound by the fiduciary duties mentioned above.
Data collaborative: A data collaborative is a data sharing relationship that can take many forms, such as public interfaces, a trusted intermediary, data pooling, research and analysis partnerships, prizes and challenges, and intelligence generation.
Data collaboratives encourage data sharing by enabling public interest use of previously siloed data. This most commonly occurs where private entities share data with the public sector or public interest groups. Incentives for sharing include reciprocity in data access, research insights, reputation, and revenue through data collaborative agreements.
Data cooperative: A data cooperative is a network of agreements between peers with mutual interests, allowing data resources to be pooled. Members provide data and are responsible for its stewardship, and the data follows members in and out of the cooperative.
Data commons: A data commons is a network of relationships between data rights holders who have equal rights to a common, invisible data resource. The data resource is undivided and remains unchanged regardless of member movement.
Where do they fall short?
Although data intermediaries have the potential to improve the data sharing experience of users and businesses alike, this potential does not yet outweigh the shortcomings of such technology – at least until we all live in web3 (see below).
Two immediate issues come to mind.
1. User engagement
The WEF perhaps too readily assumes that the benefits of using data intermediaries mean that they will be widely embraced by users. One key ambiguity is what information data intermediaries will require from users to operate effectively. We expect they would need to ask more than a handful of simple questions, which may create a considerable barrier to user engagement.
We have all undoubtedly become accustomed to high levels of convenience in the digital sphere, with users constantly seeking to achieve their online goals with the minimum number of clicks. With this in mind, data intermediaries would need to operate with a very low level of user input, or otherwise risk being perceived as too tedious to engage with. Such low levels of input may compromise the data intermediary’s ability to act consistently in the interests of its users.
2. Attribution of liability
Though the report highlights liability as a ‘tricky question’, it fails to resolve the issue. The involvement of data intermediaries as the holders and managers of significant masses of data introduces a range of risks, which require safeguarding against.
On the one hand, the use of data intermediaries that involve trust or contract law may enable the clear determination of liability, particularly as the fiduciary duties apply. On the other hand, more work will be required to assign responsibility where the relationship between user and data intermediary is less clearly defined.
Interestingly, the WEF suggests:
“Under certain limited circumstances it may be appropriate to establish a special regime for reduced liability for those entities that voluntarily accept the fiduciary duties of care, loyalty and confidentiality vis-à-vis their customers or patrons, and adhere to strict human-centric criteria. These entities would by design be required to go above and beyond current legal data protection and privacy requirements.”
That would require legislative change – but should public policy be so forgiving? The management of highly valuable data necessitates an environment in which data intermediaries act with the highest level of controls and protections. Liability should be significant where data intermediaries fail to apply user preferences correctly, regardless of their operating principles.
The path to achieving the widespread adoption of data intermediaries remains sizeable. As the WEF concludes:
“The concept of digital agency is effectively in policy “beta” mode and therefore requires testing from all stakeholders. Only when the concept is tested will it be possible to unearth the solutions that society will demand to advance towards trusted digital agency.”
Maybe the data intermediary is an idea ahead of its time – or more accurately, ahead of the next internet generation. The internet in which we currently live, often called web2, has turned out to be a more centralised environment with integrated providers who can offer consistency and ease of use across a range of apps, operating systems, and search: but which some, including the ACCC say, comes at the cost of intrusions on data privacy and limited competition. Retrofitting web2 to insert a new functional layer of intermediaries between users and these providers is inherently tricky.
Web3 is, by philosophy and architecture, a decentralised, user-driven model. In the web3 environment, users both can more readily control their personal data and receive compensation when it is used by a centralised app working in that environment. Within this architecture, new businesses such as Profila can emerge to manage information on behalf of users. Profila boldly promises:
“People create and manage the most accurate information about themselves and have complete control over which brands have access to it. Brands, in turn, gain access to evergreen data more valuable than those based on surveillance and observed behaviour.”