Data trusts in Germany and under the GDPR

The report by Anouk, Ruhaak, Mozilla Fellow at AlgorithmWatch, considers alternative approaches to data governance, specifically data trusts.

The ongoing collection of personal data and the use of this data in automated decision-making systems (ADMS) raises questions about the effectiveness of current approaches to data governance. Personal data is collected and used to automatically predict and prescribe our actions. There is much to be said about the accuracy of such predictions, but while their benefits may be unclear, their harms are certainly not. The vast majority of use cases of data-driven, automated decision-making systems recorded in the Automating Society 2020 report tend to endanger, rather than help people.

Depending on where you live, you may now have the right to allow or prevent the collection of data about you. These rights are vital, but on their own, they are insufficient to protect individuals and society against the worst harms of mass data collection and use. In addition, they do little to promote the collection of data for uses that benefit us. We need data governance models that emphasize both the individual and collective risks of data sharing and help us decide when and how we want to make data about ourselves available.

The European Commission’s most recent proposal for a Data Governance Act takes the first steps towards the creation of such governance models. It proposes a regulatory framework that allows independent third parties to act as intermediaries between data holders and data users. However, this proposal falls short in at least two ways. On the one hand, it does not allow for intermediary services to represent the data rights of data subjects. As a result, the ability of data intermediaries to act on behalf of others is severely limited. On the other hand, the regulatory requirements for these new organisations do not provide sufficient safeguards against abuses of power.

In this report, we consider alternative approaches to data governance, specifically data trusts.

We discuss three major points:

Key recommendations:

With support from

Sign up for our Community Newsletter

For more detailed information, please refer to our privacy policy.