Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data governance

Sylvie Delacroix, Neil Lawrence

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)
244 Downloads (Pure)


The current lack of legal mechanisms that may plausibly empower us, data subjects to ‘take the reins’ of our personal data leaves us vulnerable. Recent regulatory endeavours to curb contractual freedom acknowledge this vulnerability but cannot, by themselves, remedy it—nor can data ownership. The latter is both unlikely and inadequate as an answer to the problems at stake. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts. Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or other top-down regulation) on behalf of the Trust’s beneficiaries. The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust’s terms, thus introducing an independent intermediary between data subjects and data collectors. Unlike the current ‘one size fits all’ approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to ‘pre-authorized’, aggregated data (consent would be negotiated on a collective basis), our data Trust proposal may remove key obstacles to the realization of the potential underlying large datasets.
Original languageEnglish
Pages (from-to)236-252
Number of pages17
JournalInternational Data Privacy Law
Issue number4
Early online date1 Oct 2019
Publication statusPublished - Nov 2019


Dive into the research topics of 'Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data governance'. Together they form a unique fingerprint.

Cite this