Disturbing the ‘One Size Fits All’ Approach to Data Governance: Bottom-Up Data Trusts

43 Pages Posted: 9 Nov 2018 Last revised: 3 Jul 2019

See all articles by Sylvie Delacroix

Sylvie Delacroix

University of Birmingham - Birmingham Law School; Alan Turing Institute - Alan Turing Institute

Neil Lawrence

University of Sheffield - Department of Computer Science; Amazon.com

Date Written: October 12, 2018

Abstract

This paper proceeds from an analysis of the very particular type of vulnerability concomitant with our ‘leaking’ data on a daily basis, to show that data ownership is both unlikely and inadequate as an answer to the problems at stake. We also argue that the current construction of top-down regulatory constraints on contractual freedom is both necessary and insufficient. To address the particular type of vulnerability at stake, bottom-up empowerment structures are needed. The latter aim to ‘give a voice’ to data subjects whose choices when it comes to data governance are often reduced to binary, ill-informed consent. While the rights granted by instruments like the GDPR can be used as tools in a bid to shape possible data-reliant futures -such as better use of natural resources, medical care etc., their exercise is both demanding and unlikely to be as impactful when leveraged individually. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts.

Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or other top-down regulation) on behalf of the Trust’s beneficiaries. The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust’s terms, thus introducing an independent intermediary between data subjects and data collectors.

Unlike the current ‘one size fits all’ approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to ‘pre-authorised’, aggregated data (consent would be negotiated on a collective basis, according to the terms of each Trust), our data Trust proposal may remove key obstacles to the realisation of the potential underlying large datasets.

Keywords: Data Trusts, GDPR, Data Controller, Privacy, Vulnerability, Agency, Medical Data, Genetic Data, Data Sharing, Data Mining, Trusts, Fiduciary

Suggested Citation

Delacroix, Sylvie and Lawrence, Neil, Disturbing the ‘One Size Fits All’ Approach to Data Governance: Bottom-Up Data Trusts (October 12, 2018). Available at SSRN: https://ssrn.com/abstract=3265315 or http://dx.doi.org/10.2139/ssrn.3265315

Sylvie Delacroix (Contact Author)

University of Birmingham - Birmingham Law School ( email )

Edgbaston
Birmingham, AL B15 2TT
United Kingdom

HOME PAGE: http://https://www.birmingham.ac.uk/staff/profiles/law/delacroix-sylvie.aspx

Alan Turing Institute - Alan Turing Institute ( email )

96 Euston Road
London, NW1 2DB
United Kingdom

Neil Lawrence

University of Sheffield - Department of Computer Science ( email )

Regent Court, 211 Portobello
Sheffield
United Kingdom

HOME PAGE: http://inverseprobability.com

Amazon.com ( email )

Seattle, WA 98144
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
433
Abstract Views
3,042
rank
65,672
PlumX Metrics