Safely guided to the smart city – by the data trust?
There is a lot of preaching in the house of digitization when it comes to data protection. For the public sector in particular, the security of its citizens’ data and the associated guarantee of its own data sovereignty is a central concern. But how do you implement this? Not so easy when data is to be made shareable between different organizations: Clever solutions are needed here. Everyone is currently talking about data trusteeship in this context. What is it all about? Is a data trustee also needed in the smart city sector – and if so, what does it need to bring to the table?
In the context of digital urban development, data protection and sovereignty play a fundamental role for municipalities and citizens. However, successful digitization and use of digital solutions requires cooperation between organizations in many areas – and thus the exchange of data. The concern that valuable personal data in particular could be misused is justified: In the digital space, too, a body is needed to help safeguard the interests of all parties involved and ensure that rules are adhered to. For many, the new magic formula here is a model known primarily from the legal context: the trust.
Universal definition – follows…
The wish behind the definition of the model is to address obstacles of data sharing in different areas with one tool. However, there has been a lack of a universally accepted definition of data fiduciary. The New Responsibility Foundation, for example, has therefore defined data fiduciary goals in the course of its study on the topic: First, so-called data subjects – for example, consumers or other parties affected by data protection law – should be more involved in the economic exploitation of data. The exchange of data should also be simplified and data should be made more readily available to promote innovation and competition – and the trust serves as an anchor of trust or mediator between data providers and data users.
Based on these goals, the study does not define a data trust, but at least identifies three characteristics: First, it is data intermediary. This means that it manages, forwards, and/or processes data from one party for the benefit of one or more other parties. The data trust is also bound by various legal requirements: On the one hand, this includes the fulfillment of general law such as data protection or antitrust law, and on the other hand, the additional agreements designed by the parties involved. As a third point, the requirements for the mechanisms of a data trust are always application-dependent and can never be formulated in general terms.
Despite the lack of a universally valid definition, everyone is talking about data trust models: Not least according to the coalition agreement of the traffic light coalition, the trust is to be “launched” as an instrument in the data ecosystem – and in the new Telecommunications Telemedia Data Protection Act (TTDSG) it is specified as a recognized service for consent management.
In addition to the TTSDG, the Data Governance Act to be passed in February provides initial guidance for the model, but it has come under criticism. The high neutrality requirement for the trust makes it nearly impossible to develop offerings that are not purely governmental, as their providers have difficulty guaranteeing their independence. The strict requirements within the DGA also raise the question of how a non-public provider is supposed to work economically at all as a trustee in this context: Incentives are simply regulated away. At the same time, there is no body that could accredit and certify data fiduciaries – like notaries in the justice sector.
The data trust for the smart city
The need to share data between organizations when it comes to efficient digital urban development makes the idea of the data trustee interesting in principle for use in the smart city field. However, urban data that is used for municipalities here is usually already open and ready for access in the form of Open Data and is not interesting for sharing via the data trustee. To define the purpose of the smart city model, several questions arise: what data do municipalities even need that they don’t already have? And who is the data trustee for – unilaterally for municipalities, or also when companies need data: for example, to train their AIs with data from the city context?
DKSR will address these questions and others as part of the research project KomDatis “Municipal Data Trustees – Integration of Citizens and Companies for Sovereign Data Exchange in the Smart City” together with the Chair of Industrial Information Management – TU Dortmund University, the research group AQUA around Falk Howar and the Fraunhofer ISST. But we will not stop at the theoretical search for answers: Together with the partner cities of Mainz and Mönchengladbach, we want to develop use cases in which the smart trustee will be tested.