Disturbing the ‘One Size Fits All’ Approach to Data Governance: Bottom-Up Data Trusts
39 Pages Posted: 9 Nov 2018 Last revised: 26 May 2019
Date Written: October 12, 2018
The current lack of legal mechanisms that may plausibly empower us, data subjects, to ‘take the reins’ of our personal data leaves us vulnerable. Recent regulatory endeavours (from the GDPR to the CCPA) to curb contractual freedom acknowledge this vulnerability but cannot, by themselves, remedy it. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts. Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or CCPA) on behalf of the Trust’s beneficiaries (and settlors). The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust’s terms, thus introducing an independent intermediary between data-subjects and data-collectors. Unlike the current ‘one size fits all’ approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to ‘pre-authorised’, aggregated data (consent would be negotiated on a collective basis, according to the terms of each Trust), our data Trust proposal may remove key obstacles to the realisation of the potential underlying large datasets.
Keywords: Data Trusts, GDPR, Data Controller, Privacy, Vulnerability, Agency, Medical Data, Genetic Data, Data Sharing, Data Mining, Trusts, Fiduciary
Suggested Citation: Suggested Citation