Data Trusts: Can Individuals Regain Trust in the Management of their PI?

One of the most prominent privacy issues that keeps being raised by individuals is the lack of control with respect to the personal information they transfer to public or private organizations. Several solutions to this problem have been deployed over time, including seeking consent from the individual by explaining the various uses, collections and sharing of their personal information. Withdrawal of this consent can also be offered to the individual as a solution. However, several facets of these concepts have become very obsolete in the face of increasing privacy risks and issues, as well as complaints from individuals regarding the management of their personal information.

Fortunately, an innovative solution to this problem has emerged in the recent years: data trusts. Through its original legal structure, it aims to put the individuals in control of their personal information by placing this data under the control of an independent entity (the trustee), which has  a fiduciary obligation to govern and protect the interests of the individuals to whom the data belongs (the beneficiaries) – so that the data is used properly. Individuals know from the outset what to expect with respect to the use of their personal information, since each party consents to the terms of the contract governing the data trust. « An ecosystem of data trusts, each with different constitutional terms, could enable data-subjects to select an approach to data governance that mirrors their privacy preferences and values »1. Depending on its rules of constitution, a data trust could also become a competitive advantage for businesses.

Ce contenu a été mis à jour le 14 mars 2021 à 20 h 15 min.