Social Data Trusts: A Governance Model

Jessica Leblanc, TIESS

When it comes to implementing data trusts, Québec’s law contains a number of unique features and represents an exception in civil-law jurisdictions mostly because its Civil Code includes a trust-like institution: in French, a fiducie. One unique feature of Québec’s trust law occurs in the form of social trusts: a purpose-trust without designated beneficiaries. Indeed, this kind of trust exists for the sole purpose set forth in a binding legal document called a “Constituting Act.”

This blog underlines how social trusts are well designed for imagining and creating data trusts and how to implement data governance mechanisms into this legal framework. Our observations were made in the context of two pilot projects aimed at creating data trusts in Québec and will explore three features; a general interest purpose trust, flexibility within permanence, responsibility, accountability and trust.

 A general interest purpose trust

A social trust’s sole raison d’être is to pursue and achieve its purpose. In the case of a social trust, this purpose must be for social utility. What is social utility? Social utility is a purpose of general interest, including cultural, philanthropic, educational or scientific. The Civil Code of Québec provides that the main purpose of a social trust cannot be to make a profit or to operate a business.[1] A social trust can operate a business, but it must be solely to support its mission, not to make a profit.

The purpose of the trust plays a pivotal role in the governance of data trusts and defines future use of data as well as the conditions to access and share data with third parties. Trustees are bound by this purpose, and all their actions or decisions must comply with it. Any access given to third parties, any valuation of data or any sharing of data will always be justified by a general interest purpose.

Thus, drafting the purpose is a crucial step in the creation of any trust. Various purposes may be delineated, but coherence must be sought. The following are a few examples of purposes that may be specified:

●      To operate a secure platform [or by using another technological solution] to allow data sharing;

●      To enable the sharing of data between [specify the organizations] in order to promote innovation or development in the social economy sector;

●      To document and identify the determinants of social activities (consumption of specific goods, urban travel habits, etc.) in order to promote the development of the social economy;

●      To use data and artificial intelligence to find innovative solutions to challenges met by social economy organizations.

Although the purpose can be solely decided by the settlor, we suggest involving as many stakeholders as possible in this process, as well as representatives of civil society to ensure diverse representation and to enhance trust.

Flexibility within permanence

When dealing with technological platforms, standards and norms, along with anonymization and analysis of data, we must necessarily consider flexibility within the governance model. In this regard as well, Québec’s trust offers some interesting features.

Social trust is a private instrument, meaning that no particular law or public body monitors its creation, existence or functioning. A few rules can be found in the Civil Code of Québec, but the greatest part of the governance design is left to the imagination and the will of the settlor. This means that many kinds of trust, social trusts and social data trusts can be created, every one of which has its particular role, features and bodies of governance.

Such specificity allows for important flexibility in technological innovation and its governing ethical principles. This legal architecture reflects the alliance of flexibility and permanence by incorporating specific and non-modifiable legal duties for trustees while providing for the evolution of norms, ethical principles and standards. In this regard, trustees bear one permanent and mandatory duty: to constantly evaluate and ensure that these norms, principles and standards are in compliance with the best practices and the highest standards in terms of privacy laws that are in place at the time. This mechanism allows trustees to be held to a higher accountability than those operating under the current law in force.

The suggested legal architecture that allows that harmonization between flexibility and permanence is composed of:

1)    Laws. The Civil Code of Québec defines the concept of trust and its core elements, while the Act Respecting the Protection of Personal Information in the Private Sector defines the difference between personal and non-personal information and the obligations of organizations collecting personal data relating to privacy.

2)    Constituting Act. The Constituting Act is a binding instrument that defines the purpose of the trust, trustees’ duties and powers and the general governance model. As for the purpose of the trust, only the court “may [...] substitute, for the original purpose of the trust, a purpose as nearly like it as possible.”[2]

3)    Charter of principles. Adopting a charter that sets out the main principles of data governance and implements these principles is a crucial duty of trustees. A data governance charter of principles (or declaration of principles) is “an effective way to articulate and demonstrate adherence to a set of values or positions on data governance.”[3]

4)    Management framework: Under the Charter, trustees must adopt a management framework with mechanisms for accessing, sharing and protecting data and handling requests for the withdrawal of personal information.

Responsibility, accountability and trust

Trust law represents the highest level of duties that can be imposed upon a person in detention of the properties of others. Trustees are bound by duties of prudence and diligence and must act honestly and faithfully in the best interest of the purpose of the trust.[4]

Furthermore, trust law provides for additional monitoring and control mechanisms that ensure responsibility and accountability. In our opinion, this accountability reinforces trust.[5] We suggest that these mechanisms be implemented according to the following descriptions:

●      Trustees are identifiable physical persons. One advantage of trust law is that it identifies a physical person as being bound by strong legal duties. However, since no public bodies monitor the creation and functioning of social trusts, public transparency with regard to the identity and nomination of trustees is crucial.

●      Accountability of trustees and ‘auditability’ of decisions. A key aspect of social trusts is that they provide for the annual accounting of the actions and decisions of the trustees.[6] Traditionally, accountability in a trust is primarily financial. However, accountability for other aspects is conceivable, such as documenting the various uses of the datasets, and assessing the quality of the data and/or the technological infrastructure that supports it. The governance model we designed includes various levels within the accountability process, and the creation of an ethical committee (the ¨Trust Protector¨) helps to implement this mechanism, at its highest level. Accountability to the public, in general, may also be provided through publicizing the various decisions and actions of trustees.

●      Control over data. Trusts create an alternative legal regime to ownership. Indeed, no one has any right or ownership over data in trust. However,  the absence of ownership does not mean the absence of control. Trustees are able to make all decisions about accessing, hosting, protecting and sharing the data within parameters that are either predetermined (notably with regard to the purpose and key principles that are unchangeable, such as respect for the autonomy and privacy of individuals), or evolving (charter of data governance principles, more technical norms and standards).

●  Implication of stakeholders in the governance of the trust. The flexibility of trust law allows for governance models that include the participation of stakeholders and/or the general public in the decision-making process and in any ‘auditability’ framework (through decisional committees or nomination of trustees, for example). This inclusion of diverse stakeholders allows for the establishment

—

You can learn more about how civil law jurisdictions can support data trusts, Dr. Anne-Sophie Hulin, Professor at University of Sherbrooke (Québec), explains the basic elements of Québec’s trust law and how it differs from common law trusts.

[1]  Article 1270 of the Civil Code of Québec provides that “[The social trust] does not have the making of profit or the operation of an enterprise as its essential object.”

[2] Article 1294 of the Civil Code of Québec.

[3] Gagnon-Turcotte, S., Sculthorp, M., & Coutts, S. (2021). Digital data partnerships: Building the foundations for collaborative data governance in the public interest. Open North, p. 56.

[4] Article 1309 of the Civil Code of Québec.

[5] See Gagnon-Turcotte, S., Sculthorp, M., & Coutts, S. (2021). Digital data partnerships: Building the foundations for collaborative data governance in the public interest. Open North.

[6] Article 1351 of the Civil Code of Québec.