Structure of a data trust
One of the main constraints on the use of data trusts at present is that there is no definitive structure of a data trust. A legal report commissioned by the ODI suggests that there are five potential legal structures for data trusts. We have provided a summary of each potential structure below.
1. Traditional Legal Trust
This model would adopt the traditional model of a legal trust in that the data is administered by the trustees on behalf of the beneficiaries. However, there are two issues with this approach, the first is that the law does not currently recognise data as property and so cannot be held under trust, and the second is that for an ordinary legal trust, trustees are required act in the best interests of the beneficiaries when dealing with trust property. This means that trust property cannot be used for a socially beneficial purposes if that use does not also benefit the beneficiaries of the trust.
2. Contractual Framework Model
This model would be similar in nature to a standard data sharing agreement, which would form a contractual agreement between the data provider, data users and any third parties who accede to the agreement. The benefit of this method is that it is flexible and the agreement can be varied in accordance with the needs of the parties entering into. However, as there would be no centralised management of the data, this method could lead to the governance of the data being problematic, which could then cause the public’s faith in such arrangements to diminish and as such an increase in the public’s reluctance to share their data.
3. Corporate Model
Under a corporate model, it is envisaged that a separate entity (e.g. company or partnership) would be established to manage the data and the access granted to it. With this model most entities would be able to hold assets (such as a database of data) and representatives of the stakeholders could make up the board who would manage the day-to-day operations of the corporate body. Additionally there are established forms of governance which would dictate the running of the company. That being said, in the case of limited companies, its directors have a duty to act in the interest of the company. This means that the directors may be forced to disregard the benefit to the public in favour of that of the company.
4. Public Model
The legal report commissioned by the ODI states that this model does not yet exists but it hypothesises a public regulator either similar to or being the Information Commissioner’s Office (ICO) being set up to regulate data trusts and enforce breaches of such regulations. The benefit to this model is that with a public regulator acting in the public interest, the public’s fears of the unscrupulous use of their data to an organisation may be waylaid. The main disadvantage of this approach, is that such a regulator does not yet exist and the cost of establishing and continual funding may not be deemed necessary by the government.
5. Community Interest Company (CIC) Model
A CIC is a type of company that focuses on a social purpose. That being said, it can still operate like a company in that it can distribute profits. The benefit of the CIC approach is that there is a governance structure in place as with limited companies. However, a CIC still has a social purpose which the CIC would have to demonstrate that it is operating towards. There are drawbacks to this model. It has not been confirmed whether or not the regulator of CICs would accept a data trust as qualifying as a CIC. Additionally, CICs are subject to an “asset lock”, this prevents members from using assets of the CIC for their benefit unless the use of that asset is incidental to the CIC’s social purpose. There are “legal” workarounds to bypass this issue. However, whether these are viable alternatives from a commercial perspective are yet to be seen.
As can be seen from the above summaries, the current structures may not be suitable for the novel issues caused by data sharing on such a large scale. How this issue is resolved remains to be seen.