Emily Barwell considers the legal considerations when setting up a data trust and discusses when it may be appropriate to use this new and innovative concept emerging in the data ethics space
What is a Data Trust?
Data trusts were explored in academia as a concept in 2004 as a way of dealing with data protection law and increasing protection for internet users. More recently, there were recommendations to develop the concept of a data trust in the paper “Growing the Artificial Intelligence Industry in the UK” by Professor Dame Wendy Hall and Jérôme Pesenti. This has led to data trusts being further explored and brought to wider public attention by the Open Data Institute (“ODI”) in early 2019.
The ODI has defined a data trust as “a legal structure that provides independent stewardship of data” . Although “steward” is not a legal term, it represents the person(s) who oversees and looks after the data trust.
Essentially, data trusts seek to enable the sharing of large data sets whilst ensuring that there is adherence to some pre-prescribed levels of data ethics, governance and privacy. A data trust is thus both a legal and technical construct which encourages ethical data sharing and transparent governance procedures, whilst also putting measures in place to protect privacy.
Data trusts have the potential for versatile use depending on the level of protections put in place. They address situations where there is a hesitation to share data within an industry and sharing that data could enable innovation. For example, data trusts have already been considered in the context of three pilots which analysed whether data trusts would enable information to be shared to combat food waste, help prevent illegal wildlife trade, and increase transport and energy efficiency in a city environment .
The aims of a data trust
A data trust is a legal and technical tool to enable data to be shared among multiple parties (as opposed from just party A to party B). It creates an acceptable method for sharing, where the parties would not have otherwise shared the data.
It aims to deal with real world barriers to data sharing by increasing control, trust and reassurance. These barriers may arise because the data contains personal data, company sensitive information or may have political ramifications. The data could then be used to develop artificial intelligence tools, provide training data for machine learning and generally forward the use of ‘big data’ sets in academic research, industry research and product development.
A data trust also aims to create a model or framework that is both repeatable and sustainable. It creates a space where data could be continually updated and additional parties (who comply with the entry requirements) could gain access to it.
The legal structure for the chosen model will depend on: the nature of the data; the steward; the provider and the data users. It will also depend on commercial and financial considerations such as: how the stewards will be rewarded for their time; whether the data provider is being paid; whether data users have to pay to access the data and the various financial models required by the parties. All of these considerations are key to considering what type of data trust model is appropriate for any data trust.
The Legal Considerations
The key legal consideration when forming a data trust is to decide upon the model to use. In most cases, either a contractual framework or corporate model will be the most appropriate. The descriptions below provide a brief overview of the methods that have so far been explored .
The key to setting up a data trust is creating the right framework for the client’s requirements. This would need to be supported by bespoke documentation including: a stakeholder/membership agreement; articles of association (when using a company model); data provision agreements; and data use agreements. In addition, where personal data is shared, further clauses will be required to ensure that it is compliant with data protection legislation .
Deciding when to use a data trust
Whether a data trust is an appropriate solution will depend on the aspirations of the parties. They may want to share large data sets where the data cannot be shared in an open access way. The parties may also aspire to certain standards of ethics and governance and want to put measures in place to ensure that this is dealt with. Conversely, the parties may use a data trust as a way to deal with reputational and commercial worries where they would prefer an arm’s length arrangement with the other parties involved. A data trust has the potential to be an additional and flexible option where previous models have simply not created the right environment to share certain data sets before.
The technical solutions available to parties will also need to be considered. Whilst the legal model can be relatively flexible, the technical software implementing and facilitating the data sharing needs to be capable of reflecting the legal terms in reality.
This article is a quick description of a data trust and what legal framework should be considered from the outset. I would urge anyone considering using this model to consider the extent of the research available. In particular, this article has not covered topics such as: providing data to the trust; dealing with personal data in a data trust; competition law concerns; intellectual property considerations and ending the data trust. All of these topics require legal support when setting up any data trust.
Emily Barwell is a solicitor in the Science and Technology team at BPE Solicitors LLP. She was involved with the legal research around the initial reports in early 2019 and the team, led by Rob Bryan, continues to be involved in developing data trusts. She is presenting on the legal considerations of a Data Trust at the SCL Annual Conference 2019.