Trust-Based Data Governance Models and Their Impact on Personal Data Regulation

This article delves into trust-based data governance models, contrasting them with control-based models in the context of personal data regulation. It explores the challenges and benefits associated with both approaches, emphasizing the emergence of new models centered on trust such as data stewards, information fiduciaries, and data trusts. The analysis includes a discussion on the concept of trust, the roles of data curators, custodians, and stewards, and the growing importance of ensuring data integrity and accessibility. Overall, the piece provides insights into the evolving landscape of data governance and the interplay between trust and control strategies.

• Data Governance
• Trust-Based Models
• Personal Data Regulation
• Information Fiduciaries
• Data Stewards

kkwi Follow

Uploaded on Dec 06, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Can we trust trust-based data governance models? Esther Keymolen & Bart van der Sloot 19 May 2021

2. Regulating personal data Old & new models Old models => based on control Giving data subjects controlover their personal data Legal standards and governmental enforcement of these standards PROBLEMS: ex post regulation, network effect, oblivion, impossible, who is taking action? Outdated norms, enforcement issues, companies mainly pursue their own interest New models => based on trust Data stewards Information fiduciaries Data trusts

3. But what are we talking about, when we talk about trust? Conceptual analysis Trust: strategy to deal with uncertainty in social interaction. To have positive expectations of the actions of others. A trusts B to do x. Interpersonal: shared history, reciprocity, social roles, internal attribution System: reliance on experts, facework commitments, external attribution Data-driven: technology as quasi-other, user-friendliness, invisible visibility, attribution difficult Trust-based and control-based strategy often co-exist and build on each other. Control-based strategy are well-known, trast-based strategies are less known.

4. Data curators, data custodians, and data stewards Characteristics Data protection officer Data curator, data custodian, data steward Employee of/payed by organisation, yet formally independent Task: ensuring the common good/interests of data subjects/interests of other organisations against the interest of the employer Examples: ensuring data are correct, metadata are kept, data are accessible and can be re-used, ensuring data is used properly Currently practiced by: research institutes, libraries, medical facilities and, though to a lesser extent, private sector organisations.

5. Data curators, data custodians, and data stewards Characteristics Data protection officer Data curator, data custodian, data steward Employee of/payed by organisation, yet formally independent Task: ensuring the common good/interests of data subjects/interests of other organisations against the interest of the employer Examples: ensuring data are correct, metadata are kept, data are accessible and can be re-used, ensuring data is used properly Currently practiced by: research institutes, libraries, medical facilities and, though to a lesser extent, private sector organisations.

6. Data curators, data custodians, and data stewards Role of trust + challenges A trusts B to do x. A trusts B/C to do x. (A= data subject, B=company, C=Data curator, x= To uphold A s privacy interests) Challenges Difficult to encapsulate interests of data subjects do the different stakes (e.g. data subject, public interest, company interest). Limited focus of responsibility=> quality and governance of data processing.

7. Information fiduciaries Characteristics Jack M. Balkin, Information Fiduciaries and the First Amendment, 49 U.C.D. L. Rev. 1183 (2016). Waldman, A. E. (2018). Privacy as Trust. Information Privacy for an Information Age. Cambridge: Cambridge University Press. Baily suggest that a fiduciary relationship exists where (a) the beneficiary has a need to achieve certain ends that society considers valuable, (b) the fiduciary holds himself or herself out as able to achieve these ends, (c) the beneficiary has no or limited ability to monitor the fiduciary, and, (d) the fiduciary is in a position to unilaterally act to the detriment of the beneficiary. Because Google, Facebook, etc. have power, they have responsibility, a responsibility that goes beyond purely legal requirements, perhaps a duty of care > law, contracts, consent does not work because of the information + power asymmetry Because data subjects do not understand specificities/have no power to find out, these organizations should act ethical, meaning they should act with self-restraint Because data subjects trust these organizations and because these organizations suggest/pretend like they are trustworthy, they have a duty to live up to that expectation Fiduciary relationship primarily aimed at the interests of the data subject, not common good

8. Information fiduciaries Role of trust + challenges A trusts B to do x (A = Data subject, B= information fiduciary/company to look after A s privacy interests) Challenges Research indicates low trust in tech companies Conflicting interests (duty of loyalty vis-a-vis shareholders & end-users) Mismatch between level of trust relation and traditional fiduciary relation Role of data is not aligned with role of fiduciary Trust-based relation as a replacement instead of complementary

9. Data Trusts Characteristics Independent organisation, set up for the purpose of managing data Organisations can access the data only with consent of the trust Data subjects can indicate when, how and by whom their data can be used, most often in anonimised/pseudonimised form Organisations hope data subjects will be willing to share (more) data when they are in safe hands + they know that the data will only be used for the good The trust has the obligation to act on behalf of the data subjects, in the spirit of their wishes Examples: medical domain (data subjects share data for medical research); smart cities (citizens agree to their every movement in public or in private being monitored if used to their benefit/benefit of the community)

10. Data Trusts Role of trust + challenges A trusts B to interact on behalf of A with C (A= data subject, B= data trust, C= tech companies) Challenges Still dependent on C to keep its end of the bargain Bringing data together may cause security vulnerability Problem of scalability and granularity

11. Conclusion