Data, the new oil, has created an enormous power imbalance between the users and enterprises who collect their data. But what contributes to this glaring inequality?
Tech companies generate revenue from the user data in return for free access to their platforms. We are not consumers. We are the products. In other words, the trade-off is tilted in the companies’ favour.
To ensure everyone benefits from the data generated through various digital platforms, it is imperative to tap multiple data governance models to establish an informed regulatory framework.
Here, we look at different data governance models.
A data trusts model has three main stakeholders — trustee, beneficiaries, and a settlor. Here the settlor takes the data from beneficiaries and places it in a trust. The trustee is bound by fiduciary duties and is held accountable when there is a misuse of data. In the case of untoward incidents, the trustee is obligated to act in the beneficiary’s best interest. The roles of settlor and beneficiaries could be clubbed. This approach lets the data subjects pool their data and designate a trustee with fiduciary responsibilities.
Data trusts need not take a one-size-fits-all approach and establish different terms and conditions to define what role the trustee has to play and who gets access to the data. The access should depend on the purpose of the data trust and be considered on a case-by-case basis.
The trustee or steward should be responsible for providing safety and security to the data. This also includes carrying out the erasure or portability rights of data on behalf of the beneficiary. It also makes sense to establish a Data Trust Support Organisation or a neutral party responsible for developing tools, templates, and guidance for the trust. Data subjects could also define the rules.
While data trusts preserve privacy via access controls, data commons corrals data in a democratic way. The model espouses everybody who is part of the data commons can use the data equally.
However, this raises concern as two different communities with equal access to data can use the same data for different purposes. For instance, agricultural data used by the farmer community can improve agrarian produce. Still, the same data used by the business community to predict and manipulate market prices can affect this product’s sales.
To address this, academics have introduced the principle of inclusion and exclusion. People who have contributed to the data and will use it for a common purpose should access it. This is called ‘reflective solidarity’.
Meanwhile, the stewardship could be centralised. However, this begs the privacy question. Hence, academics suggest a decentralised stewardship model using blockchain technology, where data will be available or re-identified following the permission from the data generator.
Data donation is the act of transferring data from one entity to another for a specified purpose. Data donation can go a long way in challenging tech oligopolies. However, we should have ethical and regulatory frameworks to ensure data donations contribute to the public good and to protect the personal needs and interests of people involved in it.
Indirect reciprocity will ensure the relationship between givers and receivers is not starkly unbalanced in terms of the overall distribution of costs and benefits, duties and entitlements. Even after the donation, an individual should be entitled to exclusive rights of their data.
Apart from these three models and the traditional model, in which the law decides the governance and access in respective countries or regions, many other frameworks are coming up.
While it is very subjective as to which model is the best for what purpose and there could be multiple variations within the model itself, the fundamental that everyone involved should benefit from any model where their data is being used, should remain constant.