What exactly is a data trust?

Data trusts can play a key role in protecting personal information gathered in smart-city projects. But it’s a tricky balance between having open data sharing and protecting privacy.

Many smart-city solutions promise new levels of efficiency and sustainability. But one of the key issues around any smart-city project is data governance: who controls the vast quantity of so-called “digital exhaust” you’ll produce as you live your daily life? Whether it’s your travel patterns, purchasing preferences or even your home’s utility usage, minute details of your life will be tracked and monitored by sensors, apps and platforms. What is the best way to manage and protect that information?

One model to help protect privacy is a civic data trust. “The idea of trusts as a way to store something of value has been around for centuries, but traditionally applied to real estate or financial assets,” says Alex Ryan, senior vice president of partner solutions at MaRS, who has written extensively on how the model can be applied to smart cities. “The concept of applying it to data governance is much more recent.”

Essentially, a data trust is an independent third party (i.e., not government or private industry) managing collection and use of smart-city data. The idea is to ensure the data is properly managed from a privacy standpoint, and isn’t monopolized.

In 2018, Sidewalk Labs had proposed using one in its development of the Quayside in Toronto. The idea was that a not-for-profit board, comprising citizens, politicians and tech-industry representatives, would take on the role. Key to the whole enterprise, says Ryan, “is to enable open data sharing and access to that data for new entrants, not just big tech companies.” In other words, the data would be accessible to startups and tech behemoths alike.

Sidewalk Labs’ data trust plan was withdrawn last year in the face of criticism that it lacked proper oversight, and could conflict with existing privacy legislation — and then, of course, the entire Quayside project was cancelled this spring. But the idea may yet resurface in future smart-city discussions, alongside related data-governance models in use around the world.

In Barcelona, a “data lake” called CityOS sees smart-city data pooled into a central repository, to which access is managed by the city. In Estonia, the country’s X-Road system is a decentralized system that connects the country’s “smart government” agencies through a secure data exchange, allowing instant data transfer and high security. Members of the public can control who can see their encrypted data, on everything from health care to taxation to traffic tickets.

“Data trusts can play a role in ensuring governments guarantee that data required for public services isn’t captured by commercial interests or held hostage for shareholder value,” wrote Toronto-based open-government and privacy advocate Bianca Wylie. But, she cautioned, they need to be strengthened by force of law and defined and designed by citizens, not only private-sector players. And they don’t “inherently create good governance or solve the very real questions about the best business model for public interest data stewardship. They are one piece of a larger governance puzzle, one that necessarily includes laws, policies, standards, rights and much more.”