When a group of people collectively decide to organize a system to govern a shared data resource and their use of it, a data commons arises. A data commons is a system of stewardship through which data resources are managed involving processes of sustainable and ethical production, use, re-use, and redistribution — and governed through collaboration among stakeholding users and/or data producers.
In this system of stewardship, how do stakeholders govern themselves? What drives their endeavour? How do they make decisions? How do they make sure conflict does not tear them apart?
The answers to these questions will look different for every data commons. Some might seek revenue by selling insights based on the data, while others might want to share it openly, and yet others might want to keep most of the data private or impose copyleft-like or non-commercial conditions on re-use. They may also use different mechanisms to make decisions, which raises questions about decision-making processes, delegation of responsibility, and sanctions for improper use. Some data commons may have members who vote on the important questions, and others might elect representatives to help manage the day-to-day.
Despite a wide range of possible organizational structures, it is possible to identify some core principles that characterize healthy commons — in order to guide the stakeholders of a data commons through the process of designing and adapting their institutional arrangements accordingly.
Fortunately, we do not have to start from scratch. We can use the foundation laid by Elinor Ostrom in her seminal work on commons governance and pull from her empirical study of how communities stewarded both physical and, eventually, information-based commons. This work focuses on the regenerative and sustainable potential of commons governance, in contrast to the oft-touted ‘tragedy of the commons’, and identifies practices shared by successful and enduring commons. In the past few decades, the eight principles that she and her collaborators have put forth have acted as a starting point for determining appropriate governance strategies for a range of collectively-governed resources, including extending these principles to purely digital spaces such as open-source software and digital public goods.
Building on this work, we here present an attempt to translate these principles to the specific case of data commons, bringing them down to earth in tangling with questions of ownership, storage, use, privacy, and regulation. In conversations with practitioners and community members, we’ve found that there is a desire to apply the tenets of commons-based approaches, but there still exists a usability gap with the principles as articulated. Thus, our translation includes not only a treatment of the principles themselves, but also a set of accompanying questions, to steer communities in productive directions as they negotiate the tradeoffs and nuances of dealing with data commons.
This body of work relies heavily on previous efforts to translate Ostrom’s design principles to the contexts of data commons by the Ada Lovelace Foundation. In addition, we were heavily inspired and influenced by earlier work done by SustainOSS that embarked on a similar translation of the design principles focused on the governance of Open Source Software projects.
The two tables are variations on the eight design principles laid out by Ostrom. The first tables contains questions, translated from the design principles, that help those building or managing data commons to plan and evaluate their governance structure using each principle. The second table delves into the nitty-gritty of governance design. It walks through a series of questions related to specific layers of the governance puzzle. In constructing a data commons, it is key to note that it is not only the data itself that needs rules and monitoring. There are many other components as well. For instance, how will you handle money and shared values? How will you value contributors’ time? How are contributors to your community forum expected to behave? We created a separate set of questions for each of these layers, corresponding to each design principle.
Individuals who have rights to appropriate resources must be clearly defined, as must the boundaries of the resource itself.
Your data commons is bounded by a well-defined purpose, a set of values you prioritise, a well-scoped mission, and a clear sense of who you are doing this with and for. Together, these determine who can contribute, access, and use the data resource or make decisions about it. It also helps determine the shape and context of the data resource itself.
Rules are appropriately related to local conditions (including both regarding the appropriation of common resources — restricting time, place, technology, quantity, etc.; and rules related to provision of resources — requiring labor, materials, money, etc.)
The various resources the commons stewards, such as data, people’s time, funding, as well as the organisation itself, have appropriate rules to describe how they can be used and under what conditions. In general, the rules should ensure that those who contribute resources benefit from their contribution and that harms from the use of resources are curtailed.
Effective monitoring by monitors who are part of, or accountable to, the appropriators. This means that compliance with the rules established is monitored and that users of the commons have an active role in monitoring compliance. With regard to data commons, this includes monitoring of data production processes — ongoing validation of data integrity, verification of data quality, — as well as monitoring data access and use.
There is a scale of graduated sanctions for resource appropriators who violate community rules. This principle refers to the set of accountability measures that should be in place to guarantee rules are enforced. However, the focus on graduated sanctions implies that not every violation of a rule is treated the same and, for instance, intent and harm are taken into account when applying sanctions.
Appropriators and their officials have rapid access to low-cost local arenas to resolve conflicts among appropriators or between appropriators and officials.
When conflict arises in a data commons, there needs to be an effective, inexpensive, and otherwise accessible way to handle that conflict. In addition, a data commons needs to decide and make clear which conflicts will be handled internally and which ones should be resolved externally, for instance by going to court.
The rights of a community to devise and govern its own institutions is recognized by external authorities. In the context of data commons, this principle encourages us to understand how far the decisions we make about the collection and use of data are in line with, for instance, data protection regulations.
Appropriation, provision, monitoring, enforcement, conflict resolution, and governance activities are organized in multiple layers of nested enterprises.
In relation to data commons, this principle can refer to a possible need for one data commons to interoperate with another, or to break-up one large commons into smaller, nested commons that interoperate with one another. Doing so would allow each smaller commons to make decisions that better reflect their circumstance and match a narrowly defined purpose.
Review questions for data commons
Anouk Ruhaak, Senior Fellow Mozilla Foundation and Visiting Scholar, Ostrom Workshop at Indiana University Bloomington
Greg Bloom, Visiting Scholar, Ostrom Workshop at Indiana University Bloomington, founder of the Open Referral Initiative
Gary Motz, Head of Information Technology, University Collections, Indiana University
Dr. Angie Raymond, Director, Program on Data Management and Information Governance, Ostrom Workshop, Indiana University Bloomington
Divya Siddarth, Visiting Scholar, Ostrom Workshop at Indiana University Bloomington and RadicalXChange Foundation
Willa Tavernier, Research Impact & Open Scholarship Librarian, Indiana University Bloomington
Melanie Dulong de Rosnay, Director CNRS Center for Internet and Society