February 11, 2022
Much is preached in the house of digitalization when it comes to data protection. For the public sector in particular, the security of its citizens’ data and the associated guarantee of its own data sovereignty is a key concern. The implementation? Not so easy when data needs to be made shareable between different organizations: Clever solutions are needed here. Everyone is currently talking about data trusteeship in this context. What is it all about? Is a data trustee also needed in the smart city sector – and if so, what do they need to bring to the table? Data protection and sovereignty play a fundamental role for municipalities and citizens in the context of digital urban development. However, successful digitalization and the use of digital solutions requires cooperation between organizations in many areas – and the associated exchange of data. The concern that valuable personal data in particular could be misused is justified: This is why an authority is also needed in the digital space to help protect the interests of all parties involved and ensure that rules are adhered to. For many, the new magic formula here is a model that is primarily known from the legal context: the fiduciary. Generally valid definition – follows… The desire behind the definition of the model is to tackle obstacles to data sharing in various areas with one tool. However, a universally accepted definition of data trust has been lacking to date. The New Responsibility Foundation, for example, has therefore defined data trust objectives as part of its study on the topic: Firstly, so-called data subjects – for example consumers or other data protection law stakeholders – should be more involved in the commercial exploitation of data. The exchange of data should also be simplified and data should be made more readily available to promote innovation and competition – and the trust serves as an anchor of trust or mediator between data providers and data users. Based on these objectives, the study does not provide a definition, but at least three characteristics of a data trust: First of all, it is data intermediary. This means that it manages, forwards and/or processes data from one party for the benefit of one or more other parties. The data trust is also bound by various legal requirements: On the one hand, this includes the fulfillment of general law such as data protection or antitrust law, and on the other hand, the additional agreements structured by the parties involved. Thirdly, the requirements for the mechanisms of a data trust are always application-dependent and can never be formulated in general terms. Well-intentioned and over-regulated? Despite the lack of a universally valid definition, data trust models are on everyone’s lips: Not least according to the coalition agreement of the traffic light coalition, the trust is to be “launched” as an instrument in the data ecosystem – and in the new Telecommunications Telemedia Data Protection Act (TTDSG) it is defined as a recognized service for consent management. In addition to the TTSDG, the Data Governance Act, which is due to be passed in February, provides initial guidelines for the model, but these have been criticized. The high neutrality requirement for the trust makes it almost impossible to develop services that are not purely state-run, as it is difficult for providers to guarantee their independence. The strict requirements within the DGA also raise the question of how a non-public provider is supposed to work economically as a trustee in this context: Incentives are simply regulated away. At the same time, there is no body that could accredit and certify data trustees – such as notaries in the justice sector. The data trustee for the smart city The need to share data between organizations when it comes to efficient digital urban development makes the idea of the data trustee fundamentally interesting for use in the smart city sector. However, urban data that is used by local authorities here is usually already open and ready for access in the form of open data and is not of interest for sharing via the data trustee. In order to define the purpose of the model for the smart city, several questions arise: What data do local authorities actually need that is not already available to them? And for whom is the data trustee there – unilaterally for municipalities, or also when companies need data: for example, to train their artificial intelligence with data from the city context? DKSR will address these questions and more as part of the KomDatis research project “Municipal data trustees – integration of citizens and companies for the sovereign exchange of data in the smart city” together with the Chair of Industrial Information Management at TU Dortmund University, the AQUA research group led by Falk Howar and Fraunhofer ISST. However, this is not just a theoretical search for answers: together with the partner cities of Mainz and Mönchengladbach, we want to develop use cases in which the smart trustee is tested. You can find the latest news on our project website – or on LinkedIn! If you have any questions on this topic, please contact David Hick.