Jeremy Brito, London
A massive data breach took place at Facebook last week seeing 533 million user’s data stolen and published on a hacking forum. Facebook HQ’s response to the latest breach was one of silence and zero accountability. This data breach follows on from the notorious Cambridge Analytica scandal in 2018 where Facebook was fined $5 billion for violating user’s personal data.
The question we now need to ask ourselves is: ‘How can we better protect and control our personal data online?’ As we have seen large fines have very little impact on billion-dollar companies. What we need is to create robust data governance that provides complete compliance and accountability. One idea that has come to fruition are ‘Data Trusts’.
Data Trusts
So, what exactly are ‘data trusts’? A data trust works in the same way as a legal trust. You have a trustor (an individual) who is the owner of the personal data (i.e. name, date of birth, address, medical data etc…). The trustor would appoint a trustee (individual, professional, government or institution) to manage their data and they follow a legal structure about who can collect and use the data. The trustee then provides the data to a beneficiary (individual or an institution). The beneficiary must use the data provided in the correct manner as specified by the trustee. If they were to violate the use of the data, it can then be legally removed by the trustee and further court action taken.
This framework provides a more balanced regulation of data and can inspire collaboration and innovation between trustees and beneficiaries. For example, individuals with a medical condition can join a data trust that supports research for that particular condition. The trustee of data trust can provide hospitals and medical researchers with this data to develop advanced models, improve health care or eventually find a cure.
Perhaps, members of the public would be more willing to share their health data if they knew they were being protected by a trust and their data was being used in an ethical way.
There are still a number of questions that policymakers would need to consider before moving forward with data trusts. For instance, how easy it is to delete our data from the trust? Can we easily move our data from one trust to another without any conflict of interest? How would you prevent trustees from providing data to the highest bidder rather than for the greater good? Would we need to include a wider range of stakeholders such as industry advisors and trade unions as the trustees?
As we have seen with many big tech companies, users are happy to handover their data freely without thinking about the consequences or where their data ends up. Adding an extra layer of protection ensures organisations think twice about how they use our personal data.
