In 2009, Elinor Ostrom won the Nobel Prize in Economics for her work on informal governance systems for the commons. She published “8 Principles for Managing a Commons,” describing the characteristics of governance to avoid the tragedy of the commons — a term used to describe a situation in which individuals extract value from shared resources at the cost of others’ enjoyment of those same resources.
Ostrom’s work feels relevant today, as governments at all levels grapple with questions around the use of and benefit from public and private data. One of Ostrom’s principles — that those affected by the rules should be able to participate in modifying the rules — is particularly challenging at the moment. Although data governance is ever-rising on the global policy agenda, the necessary mechanisms for public participation have yet to be developed.
Policy makers aren’t new to such challenges — societies have been building governance systems that support public and private benefit from shared resources for a very, very long time. Commons resource governance predates Bretton Woods, modern human rights and most sovereign states — and its early structures may provide a good starting point when considering the sharing of data.
What is perhaps new is the degree to which public governance and market institutions have developed, globalized and acquired interests of their own. The globalization of data markets has outpaced the evolution and jurisdiction of most consumer protections, which are typically designed and enforced by sovereigns. As with most self-regulation, it’s unlikely that markets alone will enforce good practice when it comes to data. Similarly, sovereign attempts to govern the global internet are often overreaching. Since a plurality of interests will be affected by data governance, a similarly plural governance tool is necessary.
Enter the data trust.
Fiduciary trusts are already used to govern and maintain shared resources such as public lands, pension funds and, increasingly, data. Fiduciary data trusts aren’t organizations; they’re contracts that give a trustee, or a group of trustees, authority to make decisions about how an asset — say, data — can be used on behalf of a group of people. Fiduciary trusts are almost 1,000 years old, dating back to the Norman invasion of the United Kingdom — and they have been used to manage resources ever since.
Like powers of attorney, data trusts are flexible and de facto global, meaning that they can be written in ways that create legally accountable governance structures. It’s helpful to think about a data trust as a container — one that can hold assets, define governance and manage liabilities.
When used for governance, data trusts can steward, maintain and manage how data is used and shared — from who is allowed access to it, and under what terms, to who gets to define the terms, and how. They can involve a number of approaches to solving a range of problems, creating different structures to experiment with governance models and solutions in an agile way.
That flexibility also means that data trusts aren’t a guarantee of anything. Using data trusts doesn’t inherently create good governance or solve the very real questions about the best business model for public interest data stewardship. They are one piece of a larger governance puzzle, one that necessarily includes laws, policies, standards, rights and much more.
Cities, in particular, are at a crossroads regarding data and they try to weigh the benefits and risks of commercializing and privatizing critical governmental functions. In short, as cities decide how to manage data (associated with everything from transportation, to social service delivery, to education), vendors are offering solutions. The problem? Those private vendors have their own interests and — even if they are not developed with nefarious intent — privatized public services don’t mesh well with some keystones of local democracy, such as public ownership and participation.
Data trusts can play a role in ensuring governments guarantee that data required for public services isn’t captured by commercial interests or held hostage for shareholder value.
As Paul Miller and Andrew Gold describe in their paper “Fiduciary Governance,” many public institutions are best understood as fiduciaries. Fiduciary data trusts are flexible vehicles that can, unlike institutions, minimize and contain the risks around experimenting with different models of governance. Beyond providing the structure of fiduciary governance, data trusts can act as a way for data rights holders to aggregate and build leverage toward collectively bargaining for more balanced, publicly beneficial data relationships.
Teresa Scassa, senior fellow at CIGI, wrote that “clicking ‘I agree’ without reading privacy policies is an act of surrender, not of consent.” Contract law is based on the idea of negotiated agreement. If there is one thing privacy policies and terms of service are not, it’s negotiated.
At present, most data relationships are written as exceptionally permissive, or outright open, licences. The act of creating a data trust, by contrast, is inherently specific, requiring the parties involved to agree on a common purpose, a governance structure and a clear theory of shared benefit. In other words, one opportunity that data trusts can provide is a way to create collective bargaining for data-sharing relationships.
Another example where data trusts might help is when there are multiple parties with different interests in a data set, for example, researchers, platforms, governments and residents. The trust model could help them define their priorities and negotiate mutually beneficial use. As we build more ways to collect sensitive data on residents, whether through commercial devices or city infrastructure itself, it’s clear that we have a lot of interest balancing to do.
There is no “one-size-fits-all” solution. As with most of the history of commons governance, there will be a wide variety of approaches, each of which will bring comparative benefits to solving problems.
We’re doomed to repeat the history we ignore. While data is unique, the collective action problems around it aren’t. When it comes to maximizing the value of our data and technology, data trusts are a new version of one of history’s most useful legal tools. Technology lets us build faster, but governance is what makes sure that the things we build last.