Government’s role in developing data trusts: insights from recent research and practice
What role should government play in supporting data trusts? In ‘Data: A new direction’ the UK’s Department for Digital, Culture, Media and Sport is seeking views about the policy interventions needed to encourage trustworthy data use through data intermediaries. Drawing lessons from recent work on data trusts, this post suggests three areas for action.
In September 2021, the UK Government published a consultation on proposals to reform the UK’s data protection regime. With the aim of creating “an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data”, the consultation is seeking views on which strategies can encourage data-enabled innovation across sectors, while maintaining high data protection standards. Reflecting growing interest in their role as data stewards, data intermediaries – and the role of government in supporting them – feature prominently in the areas considered by the consultation.
This focus on data intermediaries as a solution to current data sharing challenges aligns with policy developments we’ve seen across the world (and explored previously on this blog). The EU’s Data Governance Act has been developing a framework for governing data intermediaries, putting in place safeguards to ensure that they remain a neutral platform for data sharing, that participants have mechanisms to hold intermediaries to account if they fail in their services, and that they meet minimum standards for access and participation. India’s Committee of Experts on Non-Personal Data has been exploring how data intermediaries could provide a tool for communities to exert their data rights, and whether government should be able to mandate data sharing. And a series of consultations in Canada have investigated what interventions could strengthen existing data rights or increase the enforcement powers of regulatory authorities.
Data trusts are a form of data intermediary. Drawing from recent work by the Centre for Data Ethics and Innovation, the UK Government describes their role as providing “fiduciary data stewardship on behalf of data subjects”. This builds on research by the Ada Lovelace Institute and AI Council, which considered that “the distinctive elements of this model are the role of the trustee, who bears a fiduciary duty in exercising data rights (or the beneficial interest in those rights) on behalf of the beneficiaries, and the role of the overseeing court in providing additional safeguards.” In line with recent papers by the Global Partnership on AI, at the Data Trusts Initiative we see data trusts as playing a particular role in empowering individuals and communities to set the terms of data use by engaging a trustee to act on their behalf.
Even amongst data intermediaries, the data trusts community is nascent. A recent survey by the Open Data Institute and Aapti Institute found that 80% of data trusts projects were less than 5 years old or yet to be operational. As research and practice in this area evolve, there remain a lot of areas where our understanding of how to operationalise data trusts are in flux. This time last year, the Data Trusts Initiative published our first Working Paper investigating where further insights were needed to move data trusts from theory to practice. This highlighted a number of core areas where further insights where needed – about where data trusts fit in the wider governance landscape; what safeguards can help ensure accountability; which interventions can increase accessibility; and what business models can ensure sustainability. The research projects we’re supporting are investigating these areas in further detail.
While the community is making progress in understanding these issues, lots remains uncertain. In an environment where knowledge and practice are in flux, and the role of government is not clear, what action can policymakers take?
One approach to answering that question is to look for ‘no regrets’ steps – policy interventions that can be made now in the context of high uncertainty, because they deliver benefits across multiple future pathways for the development of data intermediaries.
Recent insights from our research projects, and work by our partners in the community including the Global Partnership for AI, Open Data Institute, and Aapti Institute, point to three areas where government intervention could support the development of data trusts on a ‘no regrets’ basis:
Creating an enabling environment;
Securing the legislative foundations; and
Developing safeguards for innovation.
Creating an enabling environment. Data trusts – and other data intermediaries – are one component of a wider data sharing ecosystem. Their success will rely on enablers from that ecosystem – enablers that boost individual, organisational and societal ‘data readiness’. Individuals will need data literacy skills to help make sense of the ways in which their data are used, and to assess the value propositions of different data intermediaries. Organisations, meanwhile, will need sufficient data maturity to be able to make use of potentially valuable data they hold. This wider environment is shaped by policy levers – in education and skills; data standards and sharing policies; and support for businesses and civil society – that government can use to create an enabling environment for data intermediaries.
Securing the legislative foundations. Data rights and the ability to implement a regime of strong fiduciary duties are a prerequisite for data trusts (explored in more detail by the Aapti Institute here). While the UK’s current data rights regime does make provision for a range of data rights, we repeatedly see questions about the extent of those rights, the ways individuals can exercise them, and what types of fiduciary duty can be supported by different legal mechanisms. When reviewing the UK’s data protection regime, there is an opportunity for Government to bolster the legislative foundations that will enable data trusts, by clarifying the scope of current data rights and enhancing enabling rights, such as portability. For example, action now to clarify which data rights can be mandated to a data trustee (and under which conditions) would help resolve some of the uncertainties that data trust pioneers are navigating.
Developing safeguards for innovation. Central to the next phase of developing data trusts will be innovation in operational strategies, as practitioners figure out ‘what works’ in terms of defining, implementing and sustaining these new forms of data stewardship. This process may test the boundaries of current regulatory regimes; it may also highlight a range of new failure modes for data stewardship, or create new vulnerabilities or forms of exploitation. An important area for attention is the development of safeguards that can support innovation while managing risk to individuals, and while allowing unsuccessful projects to fail safely. This may require regulatory testbeds, forms of assurance or codes of conduct, or interventions that ensure no section of society is left behind from the benefits of data trusts (or disproportionately exposed to risks).
As the community matures – and specific regulatory needs become clearer, either in relation to data trusts themselves or their application in specific sectors – the data trust policy agenda will expand. In the meantime, these ‘no regrets’ steps offer a route for Government to start building the data trust policy environment now, taking an adaptive approach to policy and regulation as the pathway for developing this form of data intermediary becomes clearer.
Jess Montgomery (17 November 2021)