What is a data trust?

#framework #rights #theory

A data trust is a legal relationship where a trustee stewards data rights in the sole interests of a beneficiary or a group of beneficiaries. When a person or group hands over their data to a trustee, it means the trustee has a fiduciary duty to act according to predefined terms and conditions and never in their own self interest. Data can be pooled from different sources, and a trustee can negotiate access by others on behalf of the collective. As a legal framework, trust law only exists in some parts of the world (including, the UK, US, and Canada) but fiduciary duties often still exist outside of trust law jurisdictions, for instance when a legal representative handles the estate of a deceased person on behalf of a group of specific beneficiaries. The idea of ‘a trust’ for data is exciting to many scholars, because it could help establish a clear ‘fiduciary’ responsibility for companies or organizations that handle data. It's an instrument that “uses private law infrastructure without being overly dependent on government action,” writes Sean McDonald. Aspirationally, civic data trusts could help shift power to protect people from vulnerabilities resulting from personal data with a clearly stated purpose to benefit a certain community. As a counter example, a company like Facebook protects the interests of its shareholders above those of the people whose data they collect. There have been experiments with data trusts in both the public and private sector, but this is a truly nascent approach so examples are sparse. Trustlike frameworks have occasionally been used for medical research to handle patient data privately. One famously controversial proposal for an ‘urban data trust’ as part of Alphabet’s Sidewalk Labs in Toronto, Canada was ultimately abandoned. From 2017-2020 a number of landmark scholarly texts have helped popularize the term, but definitions are still not uniformly agreed on. Occasionally they even veer towards more general concepts of data stewardship, so even if something is called a trust it might not actually be one. Meanwhile, significant questions remain about which laws are compatible where (for either ‘data’ or ‘rights to data’) and how to govern or hold trusts truly accountable. Conceptually, would there be many trusts that compete with each other? How would a trust exercise collective bargaining power? Could data collectors themselves ever be reliable trustees? These are ongoing theoretical discussions. How do you distinguish a data trust from a different type of trust that also holds data? A growing list of nonprofit organizations and government research groups are invested in answering such questions and understanding the potential of trusts, including the Open Data Institute (ODI) with lessons to share from three pilot projects in 2019.

Staying true to a mission of corporate transparency

OpenCorporates is the largest open database of companies in the world. They openly publish the financial and legal data of more than 1,8 million companies, selling expanded data access to paying subscribers. A trust oversees the management of OpenCorporates as a public-benefit business with a mission centered on corporate transparency. It does not neatly fit the definition of a data trust above, but it is a related example, for lack of many others.

Literature reviewed for this section

This is part of a broader movement for a healthy internet. See more.