Policy Significance Statement
How to increase responsible data sharing is one of the most significant questions of the 21st century. Access to rich datasets benefits economies and societies by facilitating not only timely and well-informed policies and decisions, but also the development of new and improved data-based products and services. Data Foundations, as one of the new types of Data Institutions, offer some unique qualities which create the opportunity for a cost-effective and trustworthy mechanism for multiple data providers to share more data, even if they are competitors. They use specific design principles offering a data governance model which includes independent oversight, a rulebook, and the ability to represent data subjects in collective decision-making regarding the data.
Introduction
Data sharing initiatives involve two or more data providers who agree to pool or otherwise link together specified data in order to make such data available to each other and/or third parties (i.e., data users). Such data sharing initiatives can take many forms, including data collaboratives and data marketplaces (Smart Dubai and Nesta, 2020). While the amount and demand for data continues to intensify, there is a considerable deficiency of such data sharing initiatives in practice that is “the data pooling problem” (Mattioli, Reference Mattioli2017).
We approach this issue through the design and development of data foundations inspired by Channel Islands’ foundations laws.Footnote 1 Data foundations provide a robust data governance model that
“supports responsible and sustainable non-personal and personal data usage, sharing, and re-usage by means of independent data stewardship.”
(Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019)In this paper, we aim to demonstrate why data foundations are well suited to the needs of data sharing initiatives in not only the Channel Islands, but also elsewhere. We consider how data foundations may contribute toward practical advancement of independent data stewardship as part of a wider data institution movement. We then focus on opportunities for functional data foundations to be established via legal structures under English law, and introduce key design principles that should be used to guide the design and development of any data foundation.
Data Institutions
The Open Data Institute (ODI) uses the phrase “data institution” as an umbrella term to describe
“organisations whose purpose involves stewarding data on behalf of others, often towards public, educational or charitable aims.”
(Dodds et al., Reference Dodds, Szász, Keller, Snaith, Duarte, Hardinges and Tennison2020)A core component for both data institutions and data foundations, therefore, is the concept of independent data stewardship. While this concept is not new, there is a need for more robust independent data stewardship models that are able to oversee data-driven, multi-party data sharing, usage and re-usage; especially those which increase “citizen control” over personal data (Mac Manus, Reference Mac Manus2020).Footnote 2 For instance, according to Verhulst (Reference Verhulst2018), one of the five key functions of the data steward is “partnership and community engagement.” The Royal Society and the British Academy (2017) have also called for a new stewardship body to oversee “the entire data governance landscape” with the ability to “foster dialogue and deliberation” between stakeholders, including the wider public.
Data trustsFootnote 3 are one form of data institution (Hardinges and Tennison, Reference Hardinges and Tennison2020) that have received considerable attention as conceptual framework for good data governance (Hall and Pesenti, Reference Hall and Pesenti2017; Hardinges, Reference Hardinges2020) where other mechanisms would be unsuitable (e.g., open data, commercial agreements) (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Thuermer, Walker, Carmichael and Simperl2020). Citizen representation is also recognized as a crucial aspect of designing decision-making processes for data trusts (Bunting and Lansdell, Reference Bunting and Lansdell2019). While the notion of the data trust is valid in principle, workable data trusts are in their infancy—meaning that any significant impacts on the growth of responsible and sustainable data sharing initiatives are yet to be realized (Lewis, Reference Lewis2020).
Data foundations as a workable model
In our recent Web Science Institute (WSI) White Paper (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019), we introduced data foundations as a good data governance model that could be used to create independent entities that foster responsible and sustainable data usage, management, and sharing, in a manner that will hopefully help incentivize organizations to share (more) data. We therefore define the term “data foundation” as follows:
“An entity incorporated under the Channel Islands’ foundation laws, which supports responsible and sustainable non-personal and personal data usage, sharing, and re-usage by means of independent data stewardship.”
(Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019)We maintain that data foundations provide a valuable framework, because they satisfy the following six fundamental components required for any data governance model (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019):
• A comprehensive rulebook can be founded through the charter as well as the rules/regulations of the foundation.
• A strong, independent governance body can be established through the role of guardian for the foundation.
• An inclusive decision-making body can be set up via the council of the foundation.
• A flexible membership can be facilitated through amendments to the charter of the foundation.
• A trust-enhancing technical and organizational infrastructure can be established before any data are transferred to the foundation.
• A well-regulated structure is provided, as foundations are regulated entities.
A key advantage of the data foundations model therefore is that it leverages existing legislation and builds on established precedent (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019). Whereas, there is still a lack of consensus on the most appropriate legal structure for data trusts, for example, trust law debate (BPE Solicitors et al., Reference Reed2019; Delacroix and Lawrence, Reference Delacroix and Lawrence2019). Furthermore, the statutory role of the guardian is a unique requirement in the Channel Islands, which interpreted in a data governance model provides the independent data steward (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019).
The statutory role of guardian
As aforementioned, data stewardship is a vital aspect for all data institutions. A key part of any robust data governance model therefore is a strong, independent governance body composed of independent data stewards with interdisciplinary expertise that are able to oversee the decision-making body.Footnote 4 We define the term “guardian” as follows:
“A legal person, who is independent from the council and who oversees the administration of a foundation to ensure it achieves its purposes in accordance with its charter and regulations/rules. It can, for example, be granted the power to veto council’s decisions. Interpreted in a data governance model this role forms a critical element in providing the independent data steward.”
(Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019)The role of the guardian is a unique requirement in the Channel Islands, and is peculiar to these types of structures. All foundations incorporated under Jersey foundations law must have a guardian—although this guardian does not need to be connected with Jersey (Le Cornu, Reference Le Cornu2009).
Creating Data Foundations in Practice
There are two legal routes for establishing a data foundation:
(i) A registered data foundation—incorporated as a legal entity in the Channel Islands.
Alternatively, where such incorporation would be impractical.
(ii) A functional data foundation—established through a legal structure outside the Channel Islands, which mirrors the key elements of these foundation laws (e.g., companies limited by guarantee [CLG], English law).
Establishing functional foundations under English law
There are various legal structures under English law that are potential candidates for establishing functional foundations outside the Channel Islands. A useful starting point for possible legal frameworks that could mirror and/or incorporate some of the elements of Channel Islands’ foundations laws is the report commissioned by ODI (BPE Solicitors et al., Reference Reed2019). In this report, BPE Solicitors examine five possible legal structures for data trusts referring to UK or English law: “traditional legal trust model,” “contractual framework model,” “corporate model,” “public model,” and “community interest companies model” (BPE Solicitors et al., Reference Reed2019). Our approach is slightly different in that we are using Channel Islands’ foundations laws as an existing legal benchmark—in order to find the most comparable legal structures.
The key benefits of establishing a legal entity
Since the creation of a legal entity to oversee data sharing makes it possible to simplify the management of the asset, we need first to focus on structures under English law that give rise to a legal entity. It is therefore important to note some key reasons why creating an independent, legal entityFootnote 5 may be of benefit to data sharing initiatives in particular:
• To widen the range of stakeholders in the decision-making process to include not only data providers and data users, but also representatives of civil society and the wider community.
• To offer greater assurances to members of the data sharing initiative that data are shared, managed, used and reused sustainably—especially for data providers who may be incentivized to participate within a data sharing initiative on the condition that data usage and re-usage is monitored.
• To provide greater assurances to the public in that there is no conflict of interest, best practices for data governance are followed—and to make data subject rights more effective.
• To give certainty over the legal responsibilities and liabilities of those involved in the data sharing initiative.
• To make sure that the whole data environment is taken into consideration by the data governance team.
• To incentivize independent data stewards to fulfil their responsibilities in practice.
Given that it is not possible to create a legal entity in its own right through English trust law—and thereby to shift (at least partially) the liability burden from data owners and data users to the functional data foundation—we do not consider the traditional trust model to be an appropriate candidate in these circumstances.Footnote 6
It is further important to note that the statutory role of guardian has more power than the comparable role of enforcer or protector of a trust, because the guardian is able to veto and/or authorize the council’s decisions (Le Cornu, Reference Le Cornu2009).Footnote 7 In the words of Le Cornu:
“This is in my view an extremely important power of the Guardian and takes the Foundation beyond any power that could be given to a protector of a trust. The Council may as a result be able to take actions which have otherwise not been foreseen, which in the case of a company or trust would require applications to court in order to sanction.”
(Le Cornu, Reference Le Cornu2009)The guardian, therefore, is likely to have more input into the day-to-day operation of a data sharing initiative than an enforcer or protector. Moreover, the guardian is likely to require multi-disciplinary skills to oversee the data foundation effectively, and therefore may be a legal entity in its own right with the ability to provide expertise in a variety of areas, including risk and compliance as well as law and information technology.
In terms of structures that give rise to legal entities under English law, there are various potential options for functional data foundations, including: CLG, co-operative societies (COOP), and community benefit societies (CBS).
Example: establishing a functional foundation through a CLG
A CLG appears to be a strong candidate for establishing functional foundations outside the Channel Islands, as it seems to mirror key elements of Channel Islands’ foundations laws. For instance:Footnote 8
• A comprehensive rulebook could be founded through its articles of association on incorporation.Footnote 9
• An inclusive decision-making body could be set up via its board of directors, which could include an independent chairperson.
• A flexible membership could be facilitated through membership processes outlined by its articles of association (e.g., for granting and terminating membership).
• A trust-enhancing technical and organizational infrastructure could be established before any data are transferred to the CLG, as it does not require any initial capital or endowment.
• A well-regulated structure is provided, as CLGs are regulated entities (e.g., under the Companies Act, 2006).
Yet, as the unique two-layered board structure of the data foundation—that is the separate layer for management (i.e., the council of the foundation) and further layer for oversight (i.e., the guardian)—cannot be replicated under English law, a key aspect that needs further consideration is how a CLG, or other legal structure, could provide a strong, independent governance body. Given English law does not give rise to an equivalent statutory role to that of the guardian (as specified by foundations laws in the Channel Islands), the key question therefore is how this key role could be generated through the CLG or another legal structure? One option is as follows:
• A strong, independent governance body could be generated and specified through the rulebook of the functional data foundation, for example, via the articles of a CLG, the rules of a COOP or CBS.
To ensure that such prescription would be sufficient to give rise to a guardian is a crucial area for further research—and one that requires expertise from specialists in legal structures under English law as well as foundations laws in the Channel Islands.
Citizen representation
A further key aspect that necessitates further deliberation is how a CLG, or other legal structure, could provide robust mechanisms for citizen representation. Building on the assessment of BPE Solicitors et al. (Reference Reed2019), concerning the representation of data subjects in the context of data trusts, one option is that robust mechanisms for citizen representation could be generated and specified through the rulebook of the functional data foundation, for example via the articles of a CLG, the rules of a COOP or CBS. Such mechanisms could include:
• A citizen representative who sits as a mandatory member of the inclusive decision-making body (as per BPE Solicitors et al., Reference Reed2019).
• An advisory group that reports to the inclusive decision-making body that, as part of its remit, focuses on citizen representation (as per BPE Solicitors et al., Reference Reed2019).
• Citizen panels that have influence within key decision-making processes—that is the incorporation of “a learning data governance model” (Banner, Reference Banner2020)—such as the evaluation of data re-usage outcomes.
• The independent guardian has well-defined responsibilities for both oversight of and direct involvement with citizen representation.
Key design principles
So far, we have focused on the rationale for data foundations as good data governance models for data sharing initiatives—and provided an example of how a functional foundation could be established outside the Channel Islands as a CLG under English law. However, it is also important that we look beyond the minimum standards prescribed by law, and outline some universal principles that unite all data foundations—whether they are incorporated in the Channel Islands, or are established as functional data foundations under English law or elsewhere.
We therefore propose all decisions related to the construction and operation of a data foundation should be guided by the following eight key design principles:
• All data are relevant—personal as well as nonpersonal data. This is because personal data and nonpersonal data are not binary conceptsFootnote 10—data shared, used, and reused as part of data sharing initiatives are likely to be personal data or become personal data, for example through purpose of use, data linkage, result of use (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Thuermer, Walker, Carmichael and Simperl2020).
• Data stewards are independent—the guardian generates necessary tensions in order to ensure legal and ethical compliance.
• Expected standards of good practice for data governance specified by a code of conduct—a code of conduct should be adopted that sets out core principles, practices, and responsibilities for data governance, which is driven by data ethics.Footnote 11 This code of conduct is essential given that only personal data are heavily regulated and the line between both nonpersonal and personal data is not always clearly drawn.
• Self-regulation—internal compliance mechanisms are crucial for ensuring that expected standards for data governance are achieved.
• Monitoring is the heartbeat—audit and assurance processes create transparency and accountability.
• Sustainability—data foundations must be able to maintain themselves at an accepted level for their lifespan.Footnote 12
• Accreditation stimulates market growth—certified data foundations are likely to have a competitive advantage.Footnote 13
• Stakeholder approvals need to be maintained—data foundations must work to attain and retain a social license,Footnote 14 proactive and meaningful mechanisms for citizen representation are especially important to build trust and confidence.
Conclusion
Data foundations offer a robust workable model for data governance in practice, as they provide: a comprehensive rulebook; a strong, independent governance body; an inclusive decision-making body; a flexible membership; a trust-enhancing technical and organizational infrastructure; and a well-regulated structure. There is therefore an opportunity to advance the wider data institution movement through a legal structure that is ready for use and well-suited to the needs of data sharing initiatives, in particular, since data foundations incorporate the vital element of independent data steward through the statutory role of the guardian.
There are two legal routes for establishing a data foundation in practice, either as a registered data foundation incorporated in Guernsey or Jersey, or as a functional data foundation through a compatible legal structure outside the Channel Islands. In this paper, we focused on CLG as a strong candidate for such a legal structure under English law. Another advantage of the data foundations model for the wider data institution movement therefore is that it provides a legal benchmark for data governance to support the comparative analysis of different legal structures in other jurisdictions.
We further outlined eight universal design principles to unite all data foundations irrespective of legal structure: (a) all data are relevant, (b) data stewards are independent, (c) expected standards of good practice for data governance specified by a code of conduct, (d) self-regulation, (e) monitoring is the heartbeat, (f) sustainability, (g) accreditation stimulates market growth, and (h) stakeholder approvals need to be maintained.
Moving forward, in addition to producing a prototype data foundation, a key area for further exploration is how to establish one or more standardized ways in which the role of guardian for functional data foundations could be created, which aligns with the statutory role prescribed by foundations laws of the Channel Islands. Furthermore, we need to explore how robust mechanisms for citizen representation can be integrated within the data foundation model.
Funding Statement
This work was supported by the Web Science Institute at the University of Southampton under its pump-priming program.
Competing Interests
Sophie Stalla-Bourdillon is a Professor at the University of Southampton and is the Principal Investigator for this work and received the grant for its creation. Laura Carmichael is a Research Fellow at the University of Southampton and declares no competing interests. Alexsis Wintour is a Director of Lapin and declares no competing interests.
Data Availability Statement
The data that support the findings of this study are openly available on the University of Southampton Web Science Institute’s website at https://www.southampton.ac.uk/wsi/enterprise-and-impact/white-papers.page
Authorship Contributions
Conceptualization, S.S-B., L.C., and A.W.; Formal analysis, S.B., L.C., and A.W.; Investigation, S.S-B., L.C., and A.W; Methodology, S.S-B., L.C., and A.W.; Project administration, A.W.; Resources, S.S-B., L.C., and A.W.; Supervision, S.S-B.; Writing-original draft, S.S-B., L.C., and A.W; Writing-review & editing, S.S-B, L.C., and A.W.
Acknowledgments
An earlier version of this article was made available for the Data for Policy conference 2020. We extend our special thanks to Krish Dholakia, Womble Bond Dickinson and again to all those that supported and contributed to the White Paper (Stalla-Bourdillon et al., Reference Stalla-Bourdillon, Wintour and Carmichael2019) on which this article is built. Please note that all views and opinions expressed in this article are those of the authors, and do not necessarily represent those involved in the wider consultation process and named above.
Comments
No Comments have been published for this article.