Defining a ‘data trust’

Fri Oct 19, 2018

We’ve been investigating ‘data trusts’ as an approach to stewarding data, to retain trust in how it’s collected, maintained and shared

We need to retain trust in how data is collected, maintained and shared if we are to realise its full benefits. We’ve been investigating ‘data trusts’ as an approach to stewarding data, and will be running pilots in the coming months to help understand where they might be useful.

At the ODI, we are working on a project exploring how to increase access to data while retaining trust. One of the newer forms of data access models we have been looking at is data trusts.

We initially found multiple broad definitions of data trust. We did not think maintaining a range of definitions was useful – it could mislead people and risk wasting effort due to talking at cross purposes. As a result, we have adopted the definition of a data trust:

A data trust is a legal structure that provides independent third-party stewardship of data

This definition is not a completely new one. It builds on existing work and definitions used by others, such as Lilian Edwards’ research on the potential role of data trusts and Sean McDonald and Keith Porcaro’s descriptions of ‘civic data trusts’.

We also propose some characteristics for a good data trust, which we describe later in this blogpost.

A data trust takes the concept of a legal trust and applies it to data

Historically, trusts have been used in law to hold and make decisions about assets such as property or investments. A data trust takes this concept of holding something and making decisions about its use, but applies it to data. It is a legal structure that provides independent stewardship of some data for the benefit of a group of organisations or people.

That benefit might be to create new businesses, help research a medical disease, or empower a community of workers, consumers or citizens.

In a data trust, the trustors may include individuals and organisations that hold data. The trustors grant some of the rights they have to control the data to a set of trustees, who then make decisions about the data – such as who has access to it and for what purposes.

The beneficiaries of the data trust include those who are provided with access to the data (such as researchers and developers) and the people who benefit from what they create from the data.

The trustees take on a legally binding duty to make decisions about the data in the best interests of the beneficiaries. This is sometimes referred to as a fiduciary duty. Proponents of data trusts suggest this duty would help to increase the trust that individuals and organisations have in the way data is used.

The motives of a data trust can be good or bad

One motive behind establishing data trusts is to distribute the benefits arising from data more equitably. In some cases the benefits could be monetary – for example a share in the profits generated by services created from the data. Some people want to create data trusts to create collective power over data, for example by helping a group of workers have more control data about their jobs, or a community have more control of data about the place where they live. Other benefits would be indirect and difficult (or impossible) to distribute back to trustors, such as the societal benefit of helping researchers understand how to manage mental health issues.

We think data trusts could also be used in harmful ways. In the same way trusts have been used to avoid taxes, there is concern that data trusts could be adapted to try to obfuscate the profits generated by data or avoid data protection responsibilities. They will need to be transparent and work openly so that regulators, the public and others can hold them to account.

Supporting good uses of data trusts and protecting against bad ones

A data trust forms part of our data infrastructure, so we would expect it to align with our principles for good data infrastructure. These principles are intended to maximise value by helping to create an open and trustworthy data ecosystem. They include measures such as building with the web and designing in ways that can adapt to changing situations.

In addition to these principles, a data trust needs some specific characteristics. These characteristics are intended to help support good uses of data trusts, and protect against bad ones. We believe a data trust must have:

  • a clear purpose
  • a legal structure (including trustors, trustees with fiduciary duties and beneficiaries)
  • (some) rights and duties over stewarded data
  • a defined decision making process
  • a description of how benefits are shared
  • sustainable funding

When we have discussed these with some people they have also asked about other characteristics which we do not think are useful or necessary. For example, we think a data trust can use any form of technology for data storage and access; that data trusts can steward data which is either shared or open; and that data trusts could include data from the public, private or third sectors.

Piloting a data trust

Words, descriptions and motives are fine, but we now need to find out if this model works in the real world and if it meets our goal of increasing access to data while retaining trust. To do this, we need to test it by running some pilots. This is what we will be doing in the coming months.

In the pilots, we will explore a range of research questions such as “how do the roles of data controllers and data processors from data protection legislation map to the roles in a data trust?”, “what is the cost of running a data trust?” and “how can a data trust be stopped?”. If we determine the model is useful, we would also want to learn how to make it repeatable and scalable by as many people as possible.

We are not the only people exploring these questions. Sean McDonald and Bianca Wylie, for example, are currently experimenting with data trusts and different governance models for data. We have built on the work they and others have shared.

As always we will work as openly as possible and also share the lessons we learn. If we find our work is useful then we will also provide more detail on the characteristics and how to assess data trusts against them.

Do get in touch at [email protected] if you want to know more, work with us, or to share your own stories about exploring the same topics.

 

Photo by rawpixel on Unsplash