A few days ago I wrote of the benefit of limitations. This idea has lots of practical applications especially in the digital space as we have growing need to share data across organisations, however we also need to ensure the sharing of it does not ‘harm’ the individuals and that ideally the data is used for public good.
A clear use case for this is when NGOs work in consortiums or with the same people. There is much data that is common and if shared, would reduce cost and time. However, in the majority of our operating models we only scratch the surface of the data sharing discussion preferring to debate who ‘owns’ the data and the liability for it.
The idea of a Data Trust could help to de-politicise the discussions by establishing a Trust with trustees, who are representatives of various organisations AND the beneficiaries themselves. To start with, into this Trust, we could keep certain data that multiple actors needed access to and have rules or standards around the structure and use of this data.
The Trust would limit what data it would hold and the use of the data it holds. It could also limit how long it would hold the data – as there is correlation between the time data is held and the harmful use of the data. The Trust could also limit how long it will exist and upon dissolution of the Trust, the data would be deleted. These self-limiting actions can actually increase transparency and trust if the trustees do their job as they can be held accountable by any of the beneficiaries of the Trust.
So what is Trust?
Below I’ve copied extensively from Sean McDonald and Keith Porcaro’s article: The Civic Trust with their permission. But first, what is the difference between a trust and a company or organisation.
A company is a form of business organisation. It is a conglomeration of individuals and assets with a common aim towards the attainment of profits. A company is based on a business for which all the persons associated with it are working for and are supposed to have a common aim called the gaining of profits.
A Trust is characterised by the presence of a trustee who administers assets on behalf of another and is organised to perform the fiduciary requirements set out in its purpose. A Trust works on the main goal of safeguarding assets and other kinds of property related to a person or group of persons or any other organisation for that matter. A trust acts like an escrow.
A Trust has five elements — a grantor, a beneficiary, a trustee, an asset, and a purpose. On the simplest level, a grantor gives an asset to a trustee in order to ensure that it fulfils a purpose that is valuable to the beneficiary.
The grantor is the person or company that owns the original asset or they can donate their asset to an existing Trust for management. Importantly, once the grantor places an asset in trust, the grantor no longer owns the asset.
The beneficiary is who the use of the asset is meant to serve — and it can be specific (a single person), general (users of a tool or asset), or very, very general (people). Trusts give the beneficiary a legal right to challenge whether a trustee is doing its job — and they ultimately “own” the asset the grantor puts in trust. Creating a broad beneficiary class means that people who feel that that the technology product or company has damaged their well-being can seek justice. Data Trusts can create a legal basis for the community to seek redress based on the impact that a technology product has on the public good. This is particularly powerful (and makes particular sense) for technology products that are built with public assets or adopted by public institutions.
An asset can be anything of value. For the purposes of this discussion, let’s assume that the asset is a code base and all of the resulting data that moves through it. There are models where it could be one or other other, but owning both the code base (the database, standards, processing structures, and interface) and the resulting data (the commodity that moves through it) gives a Data Trust the greatest number of options in protecting the purpose of the Data Trust.
Ownership gives the Data Trust influence over the companies that it licenses the asset to, and is what it uses to influence the companies that bring the product to market. So, if a Data Trust owns a code base and the commercialising company doesn’t live up to its promises, the Trust can threaten or revoke that company’s license. If a Data Trust owns both the underlying code and the user data, it creates a wider range of available actions, such as temporarily removing access to data, limiting access to particular types of data, or delaying the transfer of data before the “nuclear” option of revoking a license entirely. The leverage of ownership is one of the key differences between Data Trusts and certification programs like B Corps.
The purpose is why the trust exists — it legally obligates the trustee to uphold a set of values and processes by creating fiduciary duty. A Trust’s purpose is the mission and governing principles — and when it’s ignored, its beneficiaries can use it to hold the trustee accountable.
The purpose of a Data Trust is to embed principled, participatory governance systems into the decision-making processes that define user rights within a technology platform. A Data Trust structure is inherently flexible — but our goal is to create a legal structure that protects the public interest in intellectual property, while we work together to define user rights. Trusts can use licensing negotiations to design structured participation systems into any part of the relationship between the commercialising company and the beneficiaries.
Data Trusts, in addition to defining the relationship between the owner of the asset and the commercialising company, it makes licensing contingent on a set of participation standards and their effect on the rights of the beneficiary. Data Trusts can use different licenses to embed different participation structures (direct democracy, elected representation, expert collaboration), as well as norm preferences (equal representation, weighted by participation, weighted by expertise).
The trustee is the person or organisation that is responsible for managing the asset and fulfilling the trust’s purpose in the beneficiary’s interests. A typical trustee can be anyone (a person, an organisation representative, or any legal entity), but ideally should be financially stable enough to resist the external pressures that may try to subvert the trust. Any benefit (including salary) received by the trustee must be transparent so that any decision making is divorced of benefit.
A Data Trustee is the organisation that will start to experiment with, define, and enforce the ways that we participate in the evolution of public and civic technologies. A Data Trustee has a legal responsibility to protect the beneficiary’s interests in the core technology and data assets, and so it’s also important that they have public accountability and participation structures embedded into their own governance as well. Data Trusts require the Trustee to have (or amend) bylaws that ensure that the public or beneficiary votes to elect the leadership of the Trustee.
Thank you for your work on Data Trusts, Amos. I have recommended your podcast to many people and it’s a firm favourite of the Cordial World team. We are busy raising funding to build a Data Trust to support Long COVID research. It would be great to chat about this and so many other of your interests – of which I believe we are aligned.