Data Trusts: An Alternate Model For Data Privacy
As concerns grow about privacy and security, data trusts are catching on
It’s 2021. Do you know where your data is? Your data is valuable and everyone wants it. There may be help on the way: Protecting sensitive information through data trusts.
A data trust is a legal structure in which a group of people (trustees) look after assets, in this case data, on behalf of beneficiaries who own the data, like you and me. It is the trustee’s responsibility to look after the data rights and protections for all the beneficiaries in the trust.
We know that tech giants Facebook, Google, Amazon and Apple have come under fire from Congress, federal regulators, state attorneys general and European authorities regarding how they collect and use an individual’s data. But this problem is not just limited to social media, sharing and shopping platforms. Research posted by the Harvard Business Review shows 66% of companies surveyed are willing to share customer data.
There are some valid reasons to share data, including fraud detection in financial services, gaining speed and visibility across supply chains, and combining genetics, insurance data and patient data to develop new digital health solutions.
Part of this data sharing need is also driven by artificial intelligence (AI). To operate well, AI requires massive amounts of data from a multitude of sources. The problem is, when data is shared, personal customer information goes along with it.
Regulatory oversight in the U.S. is sorely lacking. To help keep personal information secure, while still meeting growing data demand for AI, research and innovation, companies are turning to data trusts.
A well set up data trust can adopt leading-edge technologies to carry out its mission. This may include federated machine learning (also known as collaborative learning), which is a machine learning technique that trains an algorithm across multiple decentralized edge devices or servers holding local data samples, without exchanging them. Homomorphic encryption can also be performed, allowing calculations to be done on data without decrypting it. With distributed ledger technology, or blockchain, a trust can guarantee transparency in data sharing and an audit trail of who is using the data at any time and for any purpose. This aspect would remove the considerable legal and technological friction that currently exists in data sharing.
Data trusts are a relatively new concept, but their popularity is catching on. The UK government first proposed data trusts as a way to make larger data sets available for training artificial intelligence in 2017. A European Commission proposal in early 2020 detailed data trusts as a way to bolster research and innovation. India’s government rolled out a plan in 2020 that included data trusts in order to give communities greater control over their data.
Companies are also looking at different forms of data trusts.
- UK Biobank was set up in 2006 to steward genetic data and samples from 500,000 people and takes the form of a charitable company with trustees.
- Startup OpenCorporates has established a separate entity with independent trustees to help safeguard the organization’s mission.
- Facebook has experimented with using a non-charitable trust to create an external board to make decisions on the removal of content uploaded to its platform.
- Google’s sister company Sidewalk Labs suggested the creation of a civic data trust to protect interests of residents and vendors in a sensor laden smart neighborhood in Canada.
How will protections change access to information?
Already there is concern from consumers that if you opt out of data collection, the app you are trying to access will be unusable.
“People all around the world are reliant on these platforms in order to express themselves freely, to access information online and to engage in society,” says Joe Westby, AI and Big Data researcher at Amnesty International. “In order to realize your rights through internet access, the companies’ dominance over the global public square means that you’re forced to submit to a system that is predicated on rights abuse. It’s a false choice and Faustian bargain.”
Many sites are proactively giving you choices to decide how your data is collected or shared, following Europe’s GDPR guidelines, while still maintaining full functionality on the site. However, you may have to take an extra step to control what you are sharing. One way to do this is by allowing an app to only collect information necessary for the app to run, until there is better national policy or data trust. In theory, a data trust would make these protective choices for you, once you provide initial input.
The other option is a National Data Protection Authority
The United States is one of the few democratic nations to not have an overall National Data Protection Authority. The Federal Trade Commission (FTC) has jurisdiction over most commercial entities and has authority to issue and enforce privacy regulations in specific areas. Other government agencies regulate privacy for industries such as healthcare, financial services, telecommunications and insurance. The state of California enacted its own wide-reaching privacy laws, and a handful of other states have since created similar laws.
Since many businesses that use the internet are open to a global marketplace, the growing mishmash of overlapping policies is increasingly difficult for advertisers to keep up with. In addition, if a U.S. company has any customers in Europe, they must follow GDPR guidelines or potentially face stiff fines.
Watchdog groups like Epic.org claim the FTC has failed to protect consumers from massive personal data collection, which is true. Even though current lawsuits and proposed legislation addresses privacy concerns, the data collection ecosystem is very well established. It will be difficult to put the genie back in the bottle.
Data trusts aren’t the only solution to growing privacy and security concerns, but it does pose an interesting governance model to help people regain control of their personal data, enforce rights and ensure that data sharing benefits everyone.