Italy as a Testbed for an Urban Data Trust in Europe
One type of particularly valuable data for a city and its people is mobility data. Such data can help the municipality develop urban intelligence solutions that offer safer and more equitable cities, decreasing costs and improving urban connectivity. Today the holders of the vast majority of mobility data are private service providers such as ride-sharing companies. Private companies can use citizens’ personal data for profit only, while the individual is rendered next to powerless in the exercise of their data privacy rights.
As a consequence, privacy, and the protection of personal data in continental Europe remain mostly formal entitlements with no practical purchase. If unmediated, city administrations’ craving for mobility data owned by the private sector can also translate into outright power grabs and privacy violations.
For example, in the United States, the Los Angeles Department of Transportation (LADOT) has deployed a protocol for mobility data called the “Mobility Data Specification” and has further created an Open Mobility Foundation with a group of stakeholders to manage the specification standard and advocate for its adoption beyond LA. The LADOT system has been challenged in court by both rideshare companies (initially led by Uber) and civil rights advocacy groups (led by the American Civil Liberties Union) on privacy grounds. The LA dispute reveals a clear need for data governance input in this process, and mobility data trusts as one example of an urban data trust could provide a solution.
Known power asymmetries between data controllers and data subjects show that individual data rights can be exercised best collectively. Urban Data Trusts position themselves as an intermediary between the city and its people offering access to mobility data and more efficient use of data privacy rights vs private companies who do not necessarily take into consideration the common good.
Here we explore the legal modalities of setting up data trusts in big urban centres with a focus on the Italian context.
Setting up a Data Trust in Italy
- Two Legal Pathways
In Italy, a trust is a fairly used legal tool. There are two ways of establishing it: under foreign law (trust interno), and under an Italian doctrinal construction not yet passed as law but already in use (contratto di affidamento fiduciario).
a. Italian Trusts under Foreign Law
Unlike other civil law countries that encounter difficulties in adopting the common law instrument of the trust in their jurisdictions, Italy allows for the possibility of setting up trusts governed by foreign law. After becoming a signatory of The Hague Convention of July 1st of 1985 on the Law applicable to Trusts and on their recognition, Italy recognizes foreign trusts. Although said convention did not explicitly mandate the recognition of foreign trusts in countries that do not have that category (see Article 13 of the Convention), Italy went further in transposing international law. It allowed for the internal recognition of trusts whose significant elements are based in Italy but whose applicable law is not Italian. Thus, English law has been frequently used to create trusts in Italy. This legal specificity could possibly be used for establishing also a data trust. The well-spread use of trusts established under foreign law in Italy along with accumulated case law on the matter could help ensure legal certainty.
b. Trust-like legal instruments in Italy (Contratto di affidamento fiduciario)
Scholars have gone further in theorizing the common law of the trust for Italian purposes: under a contratto di affidamento fiduciario in a trusteeship agreement, “settlor” and “trustee” can agree on a programme which the “trustee” undertakes to implement by using one or more assets for the benefit of one or more “beneficiaries” for a period not exceeding 90 years. Uses of this type of a legal arrangement so far resemble the traditional uses of Anglo-American trusts in family matters. The advantage of using this legal route for setting up a data trust is that it could meet with more trust amongst the general public and perhaps better integrate into the rest of the Italian civil law system.
Holding (personal data) rights on trust in Italy
Italian doctrine supports the idea that a trust could have as its object (also) movable, fungible or non-fungible assets, receivables, financial instruments, stocks, assets and rights of all kinds. While the possibility of holding personal data rights on trust is not specifically foreseen by Italian law, importantly, a case of foreign trust has been examined by the Court of Milan,1 where intellectual property rights were held on trust and so was the right to privacy of the author.
without further discussing the implications of holding such rights on trust (Tribunale Milano Sez. spec. Impresa, 29/08/2018, (ud. 21/12/2017, dep. 29/08/2018), n.8768).
The General Data Protection Regulation (GDPR) that applies in Italy complicates the conferral or mandatability of personal data rights to a data trust. Conferral is not explicitly allowed nor excluded by the GDPR whereas under Article 80 of the Regulation mandatability is foreseen only for the so-called procedural or justiciable data rights (Art. 77-79 and 82 GDPR). Whereas the GDPR can be construed restrictively to preclude mandatability of other rights except for the ones specified, it could also be argued otherwise.
A wider interpretation of mandatability is supported by two instances of the Italian law supplementing the implementation of the GDPR.
-
The GDPR allows Member States to introduce specific provisions in relation to employment data (Article 88). The Italian data protection act expands data access for institutes of workers’ protection and social assistance “in relation to types of data specifically identified with consent by the interested party himself/herself” (Article 116).
-
The same law enables data subjects to exercise their personal data rights posthumously, so long as they have made explicit their intentions while alive.
These examples imply both the discretion of national legislators to set the boundaries of mandatability and the GDPR’s intent to enable mandatability.
Urban Data Trusts under Italian Constitutional Law
Finally, it needs to be said that the Italian Constitution presents a uniquely favourable framework for the development of urban data trusts in Europe. In Italy, metropolitan cities are explicitly mentioned in the Constitution. In conferring administrative powers to the Italian municipalities, Article 118.4 of the Italian Constitution favours the autonomous initiatives of citizens in the general interest of the city. The provision, also known as ‘horizontal subsidiarity,’ indicates that the entirety of decentralised organs of the state, including the municipal tier, are required to cooperate in the devolution of powers ‘all the way down’.
Making use of Article 118.4 of the Italian Constitution, numerous cities have opened the possibility to citizens to present projects and conclude pacts with the administration. Bologna spearheaded the process with a municipal ordinance about the collaboration between citizens and administration for the care and regeneration of urban commons which was later replicated and adapted in over 100 other Italian towns and cities. Based on such pacts, the municipality usually offers to cover some of the costs, provide experts and public space, and help with the promotion of the initiatives. Based on the municipal ordinance, in Bologna a pact for digital literacy has been signed between the administration and a social and cultural centre. The pact aims to develop some digital literacy activities to be offered to Bologna residents. The administration has committed to providing its media channel for promotion, offering training activities, and contributing financially.
In short, our survey of several European civil law jurisdictions revealed that the overall legal backdrop in Italy favours the establishment of a (mobility) urban data trust in an Italian city where the local administration may facilitate bottom-up uptake.
-
The trust was governed by US Law; the court in Milan recognized it ↩