Data trusts raise questions on privacy and governance
We’ll send you a myFT Daily Digest email rounding up the latest Data protection news every morning.
When Prince Harry posted a photograph of himself and his future wife Meghan Markle in Botswana, placing a satellite collar on an elephant to track it and protect it from poachers, the royal was demonstrating new ways of combating the illegal wildlife trade.
The couple’s post sought to highlight that more than 100 African elephants a day are killed for their ivory. Now, the war against poaching has another potential weapon: artificial intelligence.
AI is capable of analysing different kinds of data sets and spotting significant patterns. The results can be used for the wider public good, such as improving planning in healthcare and public transport — or fighting wildlife poachers.
“Audio data can be used to train algorithms to distinguish gunshots [of] those poaching wild animals [from] the gunshots [of] hunters,” says Chris Martin, a partner at law firm Pinsent Masons. Using big data, real-time alerts could be pinged to rangers to tell them which areas to focus on.
Data trusts — which are separate legal entities designed to help organisations extract value from anonymised data without falling foul of privacy regulations — are being mooted as a way to allay concerns about how sensitive data is held by third parties.
A pilot study on whether data trusts should be set up to share information to tackle the illegal wildlife trade was one of three initiatives by the Open Data Institute earlier this year (the ODI is a UK non-profit body that works with companies and governments “to build an open, trustworthy data ecosystem”).
The study looked at whether data trusts could hold photographs from camera traps and acoustic information from a range of sources, which could be used by algorithms to create real-time alerts on poachers in protected areas.
There are, however, legal questions about how to share anonymised data from governments and companies in a safe, ethical way against a backdrop of public mistrust. In the biggest scandal to date, consultancy Cambridge Analytica illicitly harvested personal data from Facebook to influence elections. In July, the US Federal Trade Commission approved a $5bn fine for the social media platform for privacy violations.
In Los Angeles, residents have expressed concerns about the use of personal data collected from electric scooters, which is intended to help urban planning.
Companies and governments tread a fine line between extracting information from data and ensuring they do not break laws such as the EU’s General Data Protection Regulation (GDPR) which forces any company holding personal data of an EU citizen to seek consent and delete the data on request. Individuals should not be identifiable from the data sets.
These legal problems on privacy and governance were what law firm Pinsent Masons with BPE Solicitors had to contend with when advising the ODI on data trusts.
The project to combat poaching looked at whether a data trust could improve the sharing of information and invoice data from researchers and governments, by monitoring documents given to border staff about species being transported across borders that can be falsified by smugglers. The data could be used to train algorithms to help border staff identify illegally traded animals.
Mr Martin says setting up such a data trust could enable border officials to take photographs of a live animal and use software to check whether it is a species on which there are export restrictions.
One advantage of a data trust is that it enables individuals to become trustees and have a say in how their anonymised data is used. It would allow citizens to be represented if the data trust held traffic information collected about their locality, for example.
Data trusts might also encourage companies to put in data to enable them to work on projects where they have a common goal. “The big supermarkets could decide to set up a data trust to share data on, for example, tackling food waste or climate change,” Mr Martin says.
Chris Reed, professor of electronic commerce at Queen Mary University of London, says data trusts are useful when multiple organisations put in data. “The sharing of data might have been subject to agreements between parties, but when you might have 100 companies putting in data you cannot have agreements covering them all. Having a data trust is a fair and safe way of doing this,” he says.
Only a handful of data trusts exist. Credit card company Mastercard and IBM has formed an independent Dublin-based data trust called Truata. Connor Manning, a partner at law firm Arthur Cox, handled the corporate and trust structure documentation. He says that part of the legal complexity was designing the structure so that Mastercard was a beneficiary of the trust but the structure was not a standard company. “It is a corporate structure with a trust structure on top,” he explains.
A data trust may not be the answer to every situation. Other types of institutions already exist, such as more informal data clubs, which allow data to be exchanged between organisations for a common benefit.
Yet public concerns are likely to remain, even if data is held in a trust. It is uncertain, for example, how such a trust could be regulated and whether a data trust might be able to conceal profits generated by data or evade responsibilities under data protection rules. There is also a risk of hackers trying to obtain data from a trust, which could reduce the incentives for governments or companies to share information in the first place.
Many still see data trusts as the best approach. Sidewalk, a subsidiary of Google parent Alphabet, recently proposed a civic data trust to assuage public concerns about privacy in a development project on the eastern waterfront of Toronto. The trust means data would be held securely by an independent third party. The value from data goes to the people and communities from which it was collected.
But the question of who controls that data, what legal structure it should be held in and what can be done with it — whether it be to track poachers or to monitor consumers — is likely to become a battleground in public policy.
The tables below rank law firms and in-house legal teams for the FT Innovative Lawyers Europe awards.
Explore the Innovative Lawyers Europe rankings 2019
- Most Innovative Law Firms in Europe
- Most Innovative In-house Legal Teams in Europe
- Rule of law and Access to Justice
Business of Law
- Data, Knowledge and Intelligence
- Managing and Developing Talent / Diversity and Inclusion
- New Business and Service Delivery Models
- New Products and Services
- Strategy and Changing Behaviours
- Talent, Strategy and Changing Behaviours
Get alerts on Data protection when a new story is published