Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data governance

Research output: Contribution to journalArticlepeer-review

Standard

Bottom-up data Trusts : disturbing the ‘one size fits all’ approach to data governance. / Delacroix, Sylvie; Lawrence, Neil.

In: International Data Privacy Law, 01.10.2019.

Research output: Contribution to journalArticlepeer-review

Harvard

APA

Vancouver

Author

Bibtex

@article{e54f6271c2324383887130817b64b2cf,
title = "Bottom-up data Trusts: disturbing the {\textquoteleft}one size fits all{\textquoteright} approach to data governance",
abstract = "The current lack of legal mechanisms that may plausibly empower us, data subjects to {\textquoteleft}take the reins{\textquoteright} of our personal data leaves us vulnerable. Recent regulatory endeavours to curb contractual freedom acknowledge this vulnerability but cannot, by themselves, remedy it—nor can data ownership. The latter is both unlikely and inadequate as an answer to the problems at stake. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts. Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or other top-down regulation) on behalf of the Trust{\textquoteright}s beneficiaries. The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust{\textquoteright}s terms, thus introducing an independent intermediary between data subjects and data collectors. Unlike the current {\textquoteleft}one size fits all{\textquoteright} approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to {\textquoteleft}pre-authorized{\textquoteright}, aggregated data (consent would be negotiated on a collective basis), our data Trust proposal may remove key obstacles to the realization of the potential underlying large datasets.",
author = "Sylvie Delacroix and Neil Lawrence",
year = "2019",
month = oct,
day = "1",
doi = "10.1093/idpl/ipz014",
language = "English",
journal = "International Data Privacy Law",
issn = "2044-3994",
publisher = "Oxford University Press",

}

RIS

TY - JOUR

T1 - Bottom-up data Trusts

T2 - disturbing the ‘one size fits all’ approach to data governance

AU - Delacroix, Sylvie

AU - Lawrence, Neil

PY - 2019/10/1

Y1 - 2019/10/1

N2 - The current lack of legal mechanisms that may plausibly empower us, data subjects to ‘take the reins’ of our personal data leaves us vulnerable. Recent regulatory endeavours to curb contractual freedom acknowledge this vulnerability but cannot, by themselves, remedy it—nor can data ownership. The latter is both unlikely and inadequate as an answer to the problems at stake. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts. Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or other top-down regulation) on behalf of the Trust’s beneficiaries. The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust’s terms, thus introducing an independent intermediary between data subjects and data collectors. Unlike the current ‘one size fits all’ approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to ‘pre-authorized’, aggregated data (consent would be negotiated on a collective basis), our data Trust proposal may remove key obstacles to the realization of the potential underlying large datasets.

AB - The current lack of legal mechanisms that may plausibly empower us, data subjects to ‘take the reins’ of our personal data leaves us vulnerable. Recent regulatory endeavours to curb contractual freedom acknowledge this vulnerability but cannot, by themselves, remedy it—nor can data ownership. The latter is both unlikely and inadequate as an answer to the problems at stake. We argue that the power that stems from aggregated data should be returned to individuals through the legal mechanism of Trusts. Bound by a fiduciary obligation of undivided loyalty, the data trustees would exercise the data rights conferred by the GDPR (or other top-down regulation) on behalf of the Trust’s beneficiaries. The data trustees would hence be placed in a position where they can negotiate data use in conformity with the Trust’s terms, thus introducing an independent intermediary between data subjects and data collectors. Unlike the current ‘one size fits all’ approach to data governance, there should be a plurality of Trusts, allowing data subjects to choose a Trust that reflects their aspirations, and to switch Trusts when needed. Data Trusts may arise out of publicly or privately funded initiatives. By potentially facilitating access to ‘pre-authorized’, aggregated data (consent would be negotiated on a collective basis), our data Trust proposal may remove key obstacles to the realization of the potential underlying large datasets.

U2 - 10.1093/idpl/ipz014

DO - 10.1093/idpl/ipz014

M3 - Article

JO - International Data Privacy Law

JF - International Data Privacy Law

SN - 2044-3994

ER -