Data protection beyond data rights: governing data production through collective intermediaries
Abstract
Considering calls for more collective approaches to governing data about people, this paper explores how such interventions have been envisioned and enacted by their proponents. I focus on four types of data intermediary: data trusts, decentralised autonomous organisations, data cooperatives and data unions. These collective governance mechanisms build on individualist data rights by embracing data as a form of collective value and redistributing benefits toward their members. While many privacy laws seek to balance competing commercial, public, and private interests in data, I argue these intermediaries work to align the social and economic value of aggregated data with the normative interests of individuals described in it. In detailing how these four mechanisms have been imagined and implemented, I find demand for collective data governance exists across many jurisdictions and a wide range of otherwise divergent ideological positions. This partial consensus provides an opening for lawmakers within and beyond the European Union to strengthen individual data rights through legal recognition for collective governance mechanisms to intervene in processes of data collection, management, and circulation.Introduction
In the years since the European Union’s (EU) General Data Protection Regulation (GDPR) came into force, a new paradigm of personal data protection based on data rights has expanded to jurisdictions all over the world. Data rights build on the existing informed consent model of privacy through expanded rights to object to data processing as well as access, amend, delete, and sometimes move personal data held by organisations. These rights emerged alongside the growing role of data-driven technologies and pervasive algorithmic decision-making in people’s everyday lives all over the world – a process known as datafication (Mejias & Couldry, 2019). In this article, the term ‘data’ is used to refer specifically to digital data about people, including personally identifiable information but also data that may not be directly identifiable or data that has been de-identified or anonymised. As the massive effects of datafication have become clearer, so have the limitations of personal data protection based on informed consent and the assumption that individuals can reasonably predict how data collected about them will be used and shared (Custers, 2016). Many have advocated major reforms including formalisation of collective rights to privacy and development of new forms of collective governance (Mantelero, 2017; Graef & van der Sloot, 2022).
The EU’s Data Governance Act (DGA) (2022), which takes effect in September 2023, is a partial answer to these calls. It is the first legislation to enable third party data governance by regulating for-profit ‘data intermediation services’ and non-profit ‘data altruism organisations’ (Regulation 2022/868). Data intermediaries – third parties designed to act as go-betweens for data subjects and collectors – will be permitted to collect, pool and share data about people to “enhance the agency of data subjects, and in particular individuals’ control over data relating to them” by helping exercise their rights under the GDPR and negotiating terms of use on a collective basis (Regulation 2022/868). Given the global influence of European data protection, it is likely that comparable legislation emerges in other jurisdictions (Bygrave, 2020). Outlining the broad-ranging implications of the DGA is beyond the scope of this paper. Instead, it explores how different visions of collective data governance have emerged in the absence of enabling legislation across several liberal-democratic jurisdictions within and beyond the EU.
For several years, activists, policymakers and entrepreneurs have actively promoted collective data governance interventions. Yet little scholarship has explored what these mechanisms look like in practice and how they propose to address the limitations of individually focused data rights. I address this gap by exploring four proposed mechanisms for collective third-party data governance: data trusts, decentralised autonomous organisations (DAOs), data cooperatives and data unions. I ask: How do data intermediary proponents envision the impact of these interventions in the data governance landscape?
Many popular narratives and much scholarship on data governance emphasises conflicting individual and commercial interests in data (Jones & Tonetti, 2021; Brennan-Marquez & Susser 2022). Privacy legislation like the GDPR already seeks to balance commercial, public, and individual interests (See GDPR Article 6(1); Bygrave, 2014). Yet data about people retains an ambiguous legal status as both a fungible commodity and an object of rights-claims (Daly, 2022).
Data intermediaries reframe data governance as a matter of collective concern through attention to the conditions of ‘data production’ – a term I use to describe how value is created with data throughout processes of creation, aggregation, management, storage, analysis, and in many cases, commercialisation. They draw attention to the relevance of collectives united by common interests that are typically narrower than notions of the general public. Collective data governance proposals require looking beyond the common opposition between data markets and data rights. Complementing efforts to balance competing interests in data, I argue the intermediary proposals explored here aim to better align the social and economic value of data with the normative interests of individuals described in them by redistributing benefits of data production back to individuals through collectivisation. This orientation to the collective scale does not resolve conflicting interests but may bolster data subjects’ ability to benefit from data markets without compromising their data rights.
Through my analysis, I find demand for new forms of collective data governance exists across a broad spectrum of political opinion. Despite contradictions arising from divergent political motivations, data intermediaries intervene in the politics of data governance through their attention to the common interests of individuals captured in data. Broad-based enthusiasm for collectivist interventions may signal the emergence of a new trend in data governance poised to extend beyond the EU. In what follows, I synthesise interdisciplinary literature on privacy and data governance to conceptualise the role and importance of collective approaches. This is followed by a note on methodology and case selection. I then explore how four proposed mechanisms have been envisioned and implemented by their proponents, identifying potential strengths and limitations. I conclude by discussing the potential for collective data governance to complement the data rights paradigm by mitigating some of its limitations.
Property/rights
Western liberal citizenship is the product of longstanding tensions between democratic ideals and capitalist imperatives. These contradictions have only intensified under ‘surveillance capitalism’, which as Zuboff (2019) suggests, “unilaterally claims human experience as free raw material for translation into behavioral data” (p. 8). Many data collectors act as if data are ‘just there’ for the taking but exchanging data as essentially fungible stores of value ignores the humans in the data (Couldry & Mejias, 2019). Privacy rights are intended to constrain this Lockean vision of data ownership by recognising the moral claims of individuals described in data.
Data commercialisation is frequently understood in materialist terms. This is implicit in trite claims that data are the oil that will fuel the fourth industrial revolution. More explicitly, Ritter and Mayer (2018) argue for formalising property rights in data because “information in any digital or electronic medium is and always has been, physical, tangible matter” (p. 221). In many jurisdictions data does not have formal status as property (Scassa, 2018). In the absence of clear property rights, material possession and control of data often amount to de facto ownership.
The commodification of data has led to a privileging of economic perspectives on data governance (Carriere-Swallow & Haksar, 2019). At the global scale, data are frequently approached through the lens of trade policy (Aaronson, 2019). Economists tend to approach privacy as a form of constrained decision-making to the end of optimising data’s value as an intangible commodity to individuals and society. This leads to suggestions that strengthening individual control through formal property rights (Jones & Tonetti, 2020), reducing information asymmetries (Acquisti et al., 2016) and mitigating against ‘privacy externalities’ (Acemoglu et al., 2019) – the collective impacts of data collection – will empower citizen-consumers to make more rational choices about data that describes them (Colangelo & Maggiolino, 2019).
Such rationalist understandings of privacy have long been understood as incomplete. In 1890, Warren and Brandeis argued that privacy protections should entail “[t]he right to property in its widest sense… including all rights and privileges,” by securing the “inviolate personality” of individuals and the “right to be let alone” (pp. 211; 193). In this view, privacy rests on freedom from unnecessary incursion into an individual’s personal affairs and the power to control how identifying information may be produced, shared and used (see also European Convention on Human Rights (Article 8)). Contemporary rights-based approaches commonly associated with the EU are often grounded in human-centred moral claims (Taylor, 2017). Privacy is positioned as both a fundamental right and a key enabler of other rights (Nyst & Falchetta, 2017). Through this lens, digital surveillance threatens freedom of conscience and expression, rights to dignified work and education, and freedom from discrimination among other human rights.
Yet approaching massive data collection and analysis solely through the lens of individual rights neglects the collective dimensions of datafication. Data from individuals are valuable to collectors because they inform insights about groups. Across several disciplines, scholars have observed that while governance efforts frequently emphasise individuals, data collectors are more often interested in understanding “the crowd” (Taylor et al., 2017, p. 2). As we navigate the internet, many fragmented and partial observations about who we are and what we do render us legible to state and market actors for sorting and stratification (Austin, 2022; Fourcade & Healy, 2016). Aggregated data inform algorithmic analyses used to govern people at the collective scale. This governance exists within and extends beyond any single polity or conception of ‘the public’. People are sorted into groups based on common features for a wide range of purposes including targeted marketing, credit scoring, and risk assessment (Zuboff, 2019). Oftentimes this sorting is conducted without the full knowledge of those who are affected. Even if an individual chooses to opt out of data collection, their preferences and behaviours may be inferred by comparing them to people that share similar features (Acemoglu et al., 2019). Data rights are thus wielded by individuals with little hope of grasping the implications of their actions nor of controlling the actions of others.
Wendy H. Wong (2023) observes that data extracted from people are necessarily co-created by an actor and an observer. This draws attention not only to the asymmetries that characterise data production, but the mutual interests held by data collectors and subjects in the data they co-create. Digital data are both ideational and material (Raso & Sheffi, 2021). Data are artefacts of conceptual norms that inform what is important to observe and how to measure it. They require physical infrastructure like servers and network cables to collect and store these observations. Data gives rise to moral claims about autonomy and dignity (“I object to this”) and economic claims regarding the distribution of value derived from it (“I deserve to be compensated for this”).
We might ‘like’ a tweet or hover over the thumbnail of the Netflix game show “Is it Cake?” before settling on “RuPaul’s Drag Race” but for those acts to become data, other people, organisations and infrastructures are required to observe and often transform them into information or actionable knowledge (Rowley, 2006). In most contexts, data collectors set priorities about what to observe and how to observe it. They also control the infrastructures used to collect and physically store these observations. Collectors put great effort into incentivising us to make ourselves amenable to data collection – to want to share intimate details of our lives with all the sensor-enabled things around us (Lyon, 2018). Making co-creation desirable preserves economic and informational asymmetries between data subjects and data collectors. While rights-based data protection like the GDPR recognises individuals as co-creators of data, the capacity to make collective claims remains mostly limited to restitution following harm (Casarosa, 2020).
Collective data governance organisations newly recognised by the Data Governance Act may help mitigate the limits of data governance designed for the individual scale by enabling people to band together to leverage economies of scale and consolidate negotiating power. Data intermediary proposals generally do not seek to replace individual rights but rather complement them to address the collective effects of datafication. Focusing on co-creation is helpful for understanding these efforts because it encourages consideration of the conditions of data production including power relations between observers and observed and the norms and infrastructures that underpin these processes. Data about each person may be particular but commodified data are the product of many common interactions (like accepting cookies when visiting a website or sharing a funny TikTok with your friends). The value of these data lies in their interoperability–there is not one observation but many comparable observations. In this sense, co-created data gives rise to both individual and collective claims. Yet data rights primarily focus on protecting individual interests.
As I describe below, data intermediaries intervene in processes of data production to open space for collective claims – both moral and economic. Some propose to act as brokers between individuals and collectors by negotiating limits for how data can be used without ever controlling it. For example, contractually prohibiting use of members’ data for certain commercial purposes or limiting sharing of anonymised data (generally permissible under data protection laws) as a condition of access. Some intermediaries seek to negotiate monetary compensation for their members in exchange for the right to commercialise data about them. Others imagine building (or even seizing) infrastructures for data collection and storage – which might be understood as surveillance capitalism’s means of production – to assert greater control over how data are accessed and used to produce economic and social value.
Regardless of the institutional and infrastructural arrangements they deploy, the intermediaries described below call for a focus beyond individualised data rights in favour of collective economic and moral interests. Collective interest is certainly not a neutral notion and intermediaries take different approaches to identifying and acting in accordance with the interests of their members. They are all democratic interventions in some form. Some propose to extend existing models of representative (or indirect) democracy (Hoffman, 2014), wherein a group of people delegate a small subset of their membership to act on their behalf in decision-making processes. Other intermediaries advocate for more participatory forms of democracy (Barber, 2014), which emphasise involving stakeholders in decision-making processes that affect them. Some advocate for direct democracy (Smith, 2014) in which individuals vote on decisions that affect them through referendums. The field of democratic theory is rife with debates about each of these concepts and many more beyond the scope of this article. However, these distinct approaches to accounting for collective interests are central to understanding the range of data intermediary proposals on offer. While the efficacy of these interventions remains to be seen, these visions and early prototypes provide insight into how aspiring intermediaries could work in practice. Proposals come from diverse perspectives and political orientations. While this has produced many ideas for improving data governance, the cacophony of voices has also led to much conceptual ambiguity over what defines various interventions.
A note on methodology and limitations
Efforts to map the landscape of innovative and alternative forms of data governance have uncovered “a rapidly evolving field for which an established shared vocabulary is lacking” (Micheli et al., 2020, p. 4). This has challenged attempts to produce a systematic account of emerging trends. Researchers with the Mozilla Foundation produced a non-exhaustive database of 110 alternative data governance initiatives (Mozilla Insights, 2021). Micheli and colleagues (2020) mapped nascent models of data governance using a review of 173 academic and grey literature sources. These studies produced distinct accounts of the landscape. Mozilla proposed seven overlapping categories: commons; collaboratives; cooperatives; fiduciaries; trusts; marketplaces; and approaches rooted in the promotion of Indigenous sovereignty and governance principles (Van Geuns & Brandusescu, 2020). Micheli et al. (2020) identify four models of emerging data governance: data sharing pools; data cooperatives; public data trusts; and personal data sovereignty.
I build on these efforts through a closer look at four proposals for collective data intermediaries: data trusts, decentralised administrative organisations, data cooperatives and data unions. This study focuses specifically on proposed third-party intermediaries for data about people, which seek to enhance the individual agency of their members. Examples were selected to reflect the breadth of diversity among intermediary proposals in their politics and institutional designs. Additionally, I have included examples that have already attracted attention from scholars (data trusts and cooperatives) as well as those that have received less attention to date (DAOs and data unions). Academic literature is used to contextualise the different categories, but categories are formed based on self-descriptions provided by each initiative, including what they call themselves and how they claim to work. In the case of the Data Union DAO described below, the operating model supersedes the branding. However, the proposals overlap across the categories used to organise this analysis as well as the many models described in extant research. Given the challenges of developing a comprehensive account, these examples are not intended as a typological survey of the field but as contributions to qualitative understandings of a rapidly shifting landscape.
This paper primarily explores and intervenes in debates about data governance in western liberal democracies. As with many discussions about information policy and technology governance, there is a clear trans-Atlantic bias. After engaging partners from around the world, Mozilla researchers found that ‘alternative data governance’ initiatives generally emanate from North America and Western Europe (Baack & Maxwell, 2020). Explaining this geographic bias, and accounting for non-western epistemologies of data deserves further scholarly attention (see Arora, 2016; Ricaurte, 2019) but is outside the scope of this study. Further, Indigenous-led efforts to govern data according to culturally relevant principles are not included in this account. This important work deserves separate consideration (ideally led by Indigenous voices) with space to reflect on how diverse Indigenous approaches to data governance can and should co-exist with (settler-)colonial data institutions (see Kukutai & Taylor, 2016; Mann & Daly, 2019). But it is notable that there are many commonalities between the proposals explored here and the principles of data ownership, control, access, and possession that are promoted and stewarded by the First Nations Information Governance Centre in Canada (The First Nations Information Governance Centre, 2014).
Also absent is the category of data commons. Data commons are a popular data governance mechanism among scientific researchers in diverse fields of inquiry from cancer research (National Cancer Institute, 2022) to meteorology (FLUXNET, n.d.). Data commons have attracted significant enthusiasm from scholarly commentators (Madison et al. 2010; Shkabatur, 2019). These discussions often draw on Ostrom’s (2009) research about how community self-governance can enable localised and decentralised approaches to sustainably managing shared resources. Data commons are left out of this analysis as most examples uncovered during research exist to facilitate access to data for scientific research rather than to bolster collective agency or extend individual data rights (for several examples see Gen3, n.d.). The two exceptions I found both appear to have wound down (see Data Commons NZ, n.d.; Digital Democracy and Data Commons (DDDC), 2020). With these limitations and exclusions in mind, the following section provides a non-exhaustive account of four kinds of data intermediary proposals.
Four visions of collective data governance
Data trusts
Data trusts have attracted significant attention from policymakers and industry actors, mostly in common law jurisdictions but also in transnational forums like the Global Partnership on Artificial Intelligence (GPAI’s Data Governance Working Group, 2021). Sidewalk Labs’ abandoned proposal for a smart city development in Toronto’s waterfront region involved creating a ‘Civic Data Trust’ to manage the ‘urban data’ they hoped to collect from public spaces (Artyushina, 2020; Scassa, 2020). A functioning example is the Johns Hopkins Medicine Data Trust (Smothers, 2019), which governs information sharing across the organisation’s extensive network of hospitals and clinics as well as with external partners.
Despite several further examples of upstart data trusts (see Hardinges et al., 2019; Paprica et al., 2020), they remain a contested concept. The term came to prominence in policy circles when Hall and Pesenti (2017) defined data trusts as “proven and trusted frameworks and agreements” to facilitate exchanges of data in a report sanctioned by the UK government. In 2020, the Open Data Institute (ODI) asserted that “a data trust provides independent, fiduciary stewardship of data” (Hardinges, 2020, emphasis added). This latter definition points to the notion of the equitable trust in English common law, wherein a fiduciary (called a trustee) is appointed to manage specified assets in the interests of a named beneficiary. This rooting in common law may limit the scalability of the trust model to other jurisdictions.
Not all early data trusts have embraced fiduciary duties. Although, a notable feature of the DGA is the imposition of a fiduciary burden on data intermediaries, requiring them to act in the best interest of the data subjects they work with. Sylvie Delacroix and Neil Lawrence (2019) suggest that some data trust proposals use the term as a form of marketing, hoping that if a data governance project is called a ‘data trust’ that people will think it is trustworthy. They envision the creation of an ecosystem of data trusts allowing subjects to delegate the exercise of their data rights to a fiduciary of their choosing. Presently, delegation of data rights remains prohibited under the GDPR and DGA.
Many data trust proposals focus on the conditions of data production through efforts to exert greater control over how data about their beneficiaries can be collected and used downstream (Delacroix & Lawrence, 2019; Hardinges et al., 2019). Fiduciary data trusts promise to clarify and strengthen accountability while bringing an ethic of stewardship to collective data governance (Hardinges et al., 2019). These arrangements may improve the economic negotiating position of people relative to the large organisations collecting data about them. Delegating data rights to a trustee may lead to better outcomes for people described in data by reducing the burdens of informed consent. But the interests of beneficiaries are not always aligned. In financial trusts, the problem of conflicting interests exposes fiduciaries to liabilities, resulting in sub-optimal decision-making (Schwarcz, 2009). This issue of competing interests may limit the scalability and applicability of trust mechanisms designed around managing assets.
In another formulation, Sean McDonald (2019) proposes forming ‘civic trusts’ as private organisations that prioritise participatory democratic decision-making about data in which there is a collective interest. Micheli et al. (2020) suggest that public bodies can be created or repurposed to take on a similar intermediary role. Civic trusts would collect data much as private companies already do, however, trustees would be required to manage that data in the interests of the users of a service or even the general public. Civic trusts are rooted in notions of fiduciary governance, meaning trustees are responsible for upholding specific values or abstract purposes rather than the interests of specific beneficiaries (McDonald, 2019; Miller & Gold, 2015). In this way, civic trusts attempt to address the issue of conflicting individual interests through participatory decision-making and by re-framing the responsibility of trustees around a common purpose.
Decentralised autonomous organisations
Decentralised autonomous organisations (DAOs) have captured the imaginations of many proponents of blockchain technologies and ‘the decentralised web’. The first DAO to attract popular attention, literally called ‘TheDAO,’ took shape through cryptocurrency tokens – unique records of digital ownership – that granted investors voting rights in a crowdfunding platform that would direct funds towards different projects or causes (Hassan & De Filippi, 2021). TheDAO was delisted from major cryptocurrency exchanges after a cyber-attack in 2016 but many others with a wide range of functions from land governance to defining technical protocols for ‘the decentralised web’ have emerged (Ethereum, n.d.). Several American states have passed laws recognising DAOs as legal entities to regulate their operations and calls for similar legislation have emerged in the EU (Schickler, 2023; Teague, 2022).
As mechanisms for collective data governance, these proposals resonate with Micheli and colleagues’ (2020) definition of personal data sovereignty by positioning themselves to bolster individual claims to economic and moral autonomy. The Data Union DAO (n.d.) offers a framework that allows different intermediaries to source and sell data while compensating individuals for the value they create. Administrators using the framework act as brokers, extracting fees for mediating sales of data between groups of people and buyers. With this system, the creators hope to incentivise the production of “competitive data sets that are ethically sourced, like browsing, banking or health data” (Data Union DAO, n.d.). Examples include apps for drivers to collect and share information about electric vehicles, ride-sharers to “monetise their daily commute” and bank customers to earn money from their financial data. The first and biggest of these DAOs (by its own account) is Swash, a browser plug-in that seeks to put “data rights into action” giving “profits back to people” (Swash, n.d.). A secondary DAO allows members to contribute to the governance of Swash itself. Intermediaries that use the Data Union (n.d.) framework operate on the premise that decentralised collective decision-making can remedy power asymmetries in the data economy by intervening in and sometimes taking over data production.
The vanguard culture surrounding cryptocurrencies has been frequently criticised for facilitating a proliferation of scams and financial crime, not to mention the often-high environmental impacts of blockchain technologies themselves (Preimesberger, 2022; Tiffany, 2022). DAOs are susceptible to various security vulnerabilities from the theft of their holdings to the manipulation of their democratic processes (Finley, 2016; Garimidi et al., 2022). However, these online communities have also proven highly adaptable and innovative. Environmental concerns have been met with new, less energy-intensive ways of operating (“What Is Proof of Stake (PoS)?,” 2023). There are a multitude of competing voting protocols – ranging from allocating votes proportionate to property holdings to ‘quadratic voting’ which allows participants to allocate voting power according to how much they care about a particular issue (Ray, 2021). This flexibility enables communities to develop fit-for-purpose democratic structures.
DAOs like Swash promise to grant users a more active role in deciding how data about them are created, managed and ultimately sold. Indeed, one might argue a distributed hive-mind is positioned to make better decisions about data production. An open ledger of governance processes and financial exchanges could improve trust and accountability. However, these ostensible improvements in transparency and accountability will do little to address the information overload and decision fatigue that data subjects already face under the model of informed consent. The notion that people will engage in a constant stream of referendums about data governance outside of the niche contexts in which DAOs currently operate is questionable.
Data cooperatives
A cooperative is “an autonomous association of persons united voluntarily to meet their common economic, social and cultural needs and aspirations through a jointly owned and democratically controlled enterprise” (International Cooperative Alliance, n.d.). The Mondragon Corporation, based out of the Basque region in Spain is a particularly successful example. It coordinates 95 cooperatives operating or selling products in over 150 countries (MONDRAGON, 2019). They sell everything from financial services to car parts. The organisation’s various enterprises are governed democratically by workers who elect representatives and participate in referendums on a one-person-one-vote basis.
Pentland and Hardjono (2020) envision data cooperatives as ‘citizens’ organisations’ based on “voluntary collaborative pooling by individuals of their personal data for the benefit of the membership of the group or community”. Divya Siddarth suggests data cooperatives begin with “the premise that our data is fundamentally collective rather than private property” (Stanford HAI, 2021). Micheli et al. (2020) suggest that many data trusts and data commons operate on cooperative principles and thus include them in their definition. The DGA defines data cooperatives more narrowly as data intermediation services that can help negotiate terms of data use on behalf of or within a group of data subjects (Regulation 2022/868). The data cooperatives explored here are united by their efforts to address tensions between democracy and surveillance capitalism by integrating communitarian principles into commercial or not-for-profit enterprises.
Driver’s Seat is a gig-worker owned data cooperative that helps ride-share and delivery drivers derive insights from the data they generate while working for platforms like Uber (Driver’s Seat Cooperative, n.d.). This enables them to maximise earnings by making more informed choices about when and where to work. Montreal-based Eva competes directly with rideshare and delivery platforms by bringing drivers and consumers together in a cooperative organisation using a blockchain database to ensure “transparency and privacy” (Eva, n.d.). Salus Coop was founded in Barcelona in 2017 to support non-commercial, open-access research that supports public health while protecting the interests and control of people described in data (SalusCoop, n.d.).
These data cooperatives envision data as a form of collectively produced social value. In many cases, cooperatives govern how value is produced with data by competing directly with data collectors. This leads to more refined control over how data are analysed and shared downstream. Despite greater flexibility, the need for fiscal sustainability is a potential drawback of the cooperative model. Whether they work on a for-profit (like Eva) or non-profit basis (like Salus), cooperatives are market-dependent and require a commercially sustainable operating model. While the Driver’s Seat cooperative builds on top of existing platforms to provide workers with valuable information, other data cooperative initiatives like Eva and Salus compete against firms which derive efficiencies from paying workers less and leveraging user data in ways that may not be tolerated within a more transparent and democratic framework (Rosenblat & Stark, 2016). Additionally, cooperative organisations may struggle to articulate goals that managers can meaningfully enact when compared with profit-maximising companies due to the relative complexity of their objectives and ownership structures (Surroca et al., 2006). These factors pose challenges to cooperatives seeking to provide alternatives to large incumbent firms.
Data unions
Data unions are primarily focused on contesting asymmetric power relationships between data subjects and platform data collectors. In Canada, Gig Workers United, an upstart union for app-based delivery workers won the right to unionise in 2020. This resulted in Berlin-based company Foodora exiting the Canadian market and, under pressure from the union, paying out around three-and-a-half million dollars to those who lost work (Mojtehedzadeh, 2020). While often conflated with socialist politics, unions are and have for well over a century been an integral component of liberal industrial economies. Today, the frontiers of the labour union are expanding as gig workers collectivise against their algorithmic managers and the platform companies who employ them.
Gig Workers United demonstrates how worker organisation is re-calibrating to the dominance of platforms in the organisation of social, economic and political life. As people go about their online lives, often through multiple platforms simultaneously, value is extracted from these activities. Sometimes this is a clear-cut form of labour, as with low-paid data workers – mostly in the global South – who annotate training data sets for computer vision or natural language processing models (Posada, 2022). But data are also extracted from people more passively as their interactions with people and sociotechnical systems are quietly captured in data. In both cases, data union proponents position data production as a form of labour (Terranova, 2000).
There are a few nascent attempts to develop data unions as intermediaries. The home page of ‘The Data Union’ based in the USA proclaims that “#DataIsLabor and we owe you a #DataDividend for your productivity because you #OwnYourData” (The Data Union, n.d.). Like the (unrelated) Data Union DAO mentioned above, the union positions itself as a mechanism for redistributing data’s economic value through claims to individual sovereignty and ownership. The Dutch Data Union (Datavakbond) holds more ambitious political aims. Presently, the Datavakbond promotes digital literacy among members through its privacy toolkit and advocates for policy changes in efforts to apply pressure to platform data collectors. However, they ultimately seek to engage Facebook and Google in collective bargaining over the collection and use of people’s data in the EU (TheDataUnion, n.d.). Finally, the Data Workers Union (n.d.) describes itself as “an international organisation seeking to pursue data labour rights as citizens of a datafied society”. It is a project of the Dutch Institute of Human Obsolescence, which engages in policy advocacy through parody and performance art. They claim artificial intelligence will replace all human intellectual labour and calls for us to recognise ourselves as “biological labourers”. One form of such labour is demonstrated by mining cryptocurrency using human body heat, allowing for ‘speculative’ capital production using workers’ bodies. Calling attention to data production as a form of invisible labour, they call for a wide range of new data labour rights including collective data ownership, taxing data production to pay a basic income, the seizure of dominant platforms as public infrastructure and development of worker-owned data cooperatives to control data production.
These data unions differentiate themselves through their concern for the conditions of data production in the context of a broader political struggle. As with traditional labour unions, the goal of collectively negotiating better terms of work is pursued by lobbying lawmakers and applying pressure to platform data collectors. Whether claiming ownership and seeking redistribution within existing data markets or seeking to upend surveillance capitalism through a digital Marxist revolution, data unions are agonistic in their orientation to dominant platforms. However, the data union model remains largely unrealised. Data unions that emulate labour unions are largely advocacy organisations, not yet recognised as the legitimate representatives of collectivised data subjects.
Renegotiating the terms of service or: data subjects of the world unite!
Under the rights-based paradigm of data protection (see GDPR, Article 1), data retain an ambiguous double status as a fungible commodity and the object of situated rights claims. These two modes are often selectively invoked to accommodate both data markets and values-driven democratic citizenship. Each of the data intermediary proposals presented here seeks to overcome this contradiction by recognising collective economic and moral interests that exist in data. Rather than framing data commercialisation as incommensurate with individual rights, they seek to align these purposes by redistributing economic and social benefits to individuals described in data. Governing co-created data throughout processes of collection, aggregation, analysis, and in many cases, commercialisation allows for recognition of the collective social and economic value in data about people to co-exist more harmoniously with the moral claims that arise because data represent often-intimate aspects of our lives and communities.
In recognising and addressing the mismatch between the collective effects of data markets and the largely individual scope of data rights, data intermediaries like the four proposals discussed above may offer a potent remedy for existing limitations of rights-based data protection. The collective effects of datafication and the need to address them through new forms of governance is a point of common ground across otherwise divergent ideological positions. Few other policy topics stand to unite MIT economists (Acemoglu et al., 2019) with Marxist performance artists (Data Workers Union, n.d.) and technocratic OECD experts (Data Governance Working Group Report, 2021) with quasi-libertarian cryptocurrency entrepreneurs (Swash, n.d.). This consensus is partial but lays a foundation for meaningful and positive amendments to data protection law and policy in the EU and beyond.
None of the solutions proposed by collective governance proponents offers a silver bullet for the limitations and challenges of rights-based data governance. Nor do they indicate a clear-cut legal path for incorporating themselves into existing data protection regimes. In many ways, data intermediaries will add new layers of institutional complexity to governing how data are shared and used. But through efforts to accommodate collective interests in data, they promise new forms of accountability while reducing the burden of informed consent and the exercise of data rights at the individual scale. Central to these innovations is recognising that data about people that can give rise to concurrent economic and moral claims at both individual and collective scales. New forms of data governance are emerging not merely to balance commercial interests against individual ones but to align collective and individual stakes in data production through a democratic politics of redistribution.
Fiduciary data trusts and DAOs are defined by their proponents through specific relations to property (trustee-management and token-based voting respectively). But despite this focus on property, they are envisioned as mechanisms for collective decision-making and accountability. The fiduciary responsibility that some suggest defines data trusts could underpin more participatory and democratic approaches to data governance by consolidating the power of individual subjects to negotiate how value is created with aggregated data and to whose benefit. Imposing a fiduciary burden on data intermediaries may clarify and strengthen accountability. But monitoring for malfeasance and accessing restitution in case of abuse would remain time and resource intensive. DAOs have proven themselves valuable as testing grounds for democratic experimentation online across many applications, including data governance. Existing DAOs have mostly sought to intervene in data production to promote sourcing and selling data in the economic interests of their members. However, direct democracy requires sustained active engagement from stakeholders, which may prove challenging to obtain in a generalised context–even if there is a ‘data dividend’ attached.
Data cooperatives and unions are more explicitly concerned with governing data throughout chains of value production. Data cooperatives offer an alternative model of data production and governance to the dominant private platforms. They embrace a democratic orientation to data’s co-creation while seeking to capitalise on the economic and social value in aggregated data. But these commitments can place cooperatives at a disadvantage when compared to the capital-controlled firms they compete with. Data unions introduce an ethic of struggle, intervening in data production on explicitly agonistic terms with large platforms. Data unions could act as representative bodies that monitor conditions and negotiate on behalf of their members much akin to the labour unions that many people already belong to. But as prospective intermediaries, data unions (at least those modelled after labour organisations) have yet to accumulate sufficient influence to mediate access to the ‘labour’ of data’s co-creators.
Conclusion
What these different intermediaries have in common is their focus on intervening in data production by asserting control over what kinds of value can be produced with data at the collective scale. Of course, the examples I have drawn on do not fit into a neat typology. They only partially reflect the landscape of emerging models of data governance (Micheli et al., 2020; Van Geuns & Brandusescu, 2020). They already overlap, nest and co-exist. To the extent that drawing clearer lines between these proposals is desirable, this work is best conducted in practice – my office chair is certainly not the place to generate authoritative definitions for such a diverse and dynamic field. Indeed, more effective approaches to data governance will continue to mix and match the tools offered by the proposals described here, and of many other models like resource commons, public utilities, or consumer protection associations (Mantelero, 2017). The possibilities to borrow, re-purpose and re-invent existing governance tools and to create new ones are endless.
Activists and entrepreneurs envisioned and enacted innovative collective data governance mechanisms before such interventions were recognised by the DGA. It is likely these efforts to extend data governance beyond individual data rights will inform calls for enabling legislation in other jurisdictions. Rather than challenging the data rights paradigm, collective data governance proponents envision strengthening individuals’ capacity to navigate an increasingly digital world in ways that contribute to their wellbeing and that of their communities. Across otherwise significant ideological and political differences, there is an appetite for collective data governance to help mitigate the limits of individual data rights. This partial consensus may signal the start of a paradigm shift towards more collective approaches to data protection.
References
Aaronson, S. A. (2019). Data is different, and that’s why the world needs a new approach to governing cross-border data flows. Digital Policy, Regulation and Governance, 21(5), 441–460. https://doi.org/10.1108/DPRG-03-2019-0021
Acemoglu, D., Makhdoumi, A., Malekian, A., & Ozdaglar, A. (2019). Too much data: Prices and inefficiencies in data markets (Working Paper 26296; NBER Working Paper Series). National Bureau of Economic Research. https://doi.org/10.3386/w26296
Acquisti, A., Taylor, C., & Wagman, L. (2016). The economics of privacy. Journal of Economic Literature, 54(2), 442–492. https://doi.org/10.1257/jel.54.2.442
Arora, P. (2016). Bottom of the data pyramid: Big data and the Global South. International Journal Of Communication, 10, 1681–1699.
Artyushina, A. (2020). Is civic data governance the key to democratic smart cities? The role of the urban data trust in Sidewalk Toronto. Telematics and Informatics, 55, Article 101456. https://doi.org/10.1016/j.tele.2020.101456
Austin, L. (2022). From privacy to social legibility. Surveillance & Society, 20(3), 302–305. https://doi.org/10.24908/ss.v20i3.15762
Baack, S., & Maxwell, M. (2020). Who is innovating? | Global landscape scan and analysis of initiatives (Data for Empowerment) [Report]. Mozilla Insights. https://foundation.mozilla.org/en/data-futures-lab/data-for-empowerment/whos-trying-global-landscape-scan-and-analysis/
Brennan-Marquez, K., & Susser, D. (2022). Privacy, autonomy, and the dissolution of markets (Data and Democracy) [Essay]. Knight First Amendment Institute at Columbia University. https://perma.cc/CLH9-JVD9
Bygrave, L. A. (2014). Aims and scope of data privacy law. In L. A. Bygrave, Data privacy law: An international perspective (pp. 117–144). Oxford University Press. https://doi.org/10.1093/acprof:oso/9780199675555.001.0001
Bygrave, L. A. (2020). The ‘Strasbourg Effect’ on data protection in light of the ‘Brussels Effect’: Logic, mechanics and prospects. Computer Law & Security Review, 40, Article 105460. https://doi.org/10.1016/j.clsr.2020.105460
Carriere-Swallow, Y., & Haksar, V. (2019). The economics and implications of data: An integrated perspective (Departmental Paper No. 19/16; Strategy, Policy, and Review Department). International Monetary Fund. https://www.imf.org/en/Publications/Departmental-Papers-Policy-Papers/Issues/2019/09/20/The-Economics-and-Implications-of-Data-An-Integrated-Perspective-48596
Casarosa, F. (2020). Transnational collective actions for cross-border data protection violations. Internet Policy Review, 9(3). https://doi.org/10.14763/2020.3.1498
Colangelo, G., & Maggiolino, M. (2019). From fragile to smart consumers: Shifting paradigm for the digital era. Computer Law & Security Review, 35(2), 173–181. https://doi.org/10.1016/j.clsr.2018.12.004
Couldry, N., & Mejias, U. A. (2019). Data colonialism: Rethinking big data’s relation to the contemporary subject. Television & New Media, 20(4), 336–349. https://doi.org/10.1177/1527476418796632
Custers, B. (2016). Click here to consent forever: Expiry dates for informed consent. Big Data & Society, 3(1), 1–6. https://doi.org/10.1177/2053951715624935
Daly, A. (2022). Neo-liberal business-as-usual or post-surveillance capitalism with European characteristics? The EU’s General Data Protection Regulation in a multi-polar internet. In R. Hoyng & G. Pak Lei Chong (Eds.), Critiquing communication innovation: New media in a multipolar world (p. 235). Michigan State University Press. https://doi.org/10.14321/j.ctv2cmr97c.6
Data commons NZ. (n.d.). Loomio. https://www.loomio.com/datacommonsnz
Data Union DAO. (n.d.). Homepage. Data Unions. https://dataunions.org/
Data Workers Union. (n.d.). Homepage. Data Workers. https://dataworkers.org/
Delacroix, S., & Lawrence, N. D. (2019). Bottom-up data trusts: Disturbing the ‘one size fits all’ approach to data governance. International Data Privacy Law, 9(4), 236–252. https://doi.org/10.1093/idpl/ipz014
Digital democracy and data commons (DDDC). (2020, June 8). Tecnopolitica. https://tecnopolitica.net/en/content/digital-democracy-and-data-commons-dddc
Driver’s Seat Cooperative. (n.d.). Homepage. Driver’s Seat. https://driversseat.co/
Ethereum. (n.d.). Decentralized autonomous organizations (DAOs). Ethereum.Org. https://ethereum.org/en/dao/
Eva. (n.d.). About Eva. Eva. https://eva.coop/#/about
Finley, K. (2016, June 18). Someone just stole $50 million from the biggest crowdfunded project ever. Wired. https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/
FLUXNET. (n.d.). History of FLUXNET. FLUXNET: The Data Portal Serving the FLUXNET Community. https://fluxnet.org/about/history/
Fourcade, M., & Healy, K. (2016). Seeing like a market. Socio-Economic Review, 15(1), 9–29. https://doi.org/10.1093/ser/mww033
Garimidi, P., Kominers, S. D., & Roughgarden, T. (2022). DAO governance attacks, and how to avoid them [Report]. a16z Crypto. https://a16zcrypto.com/dao-governance-attacks-and-how-to-avoid-them/
Gen3. (n.d.). Powered by Gen3. Gen3. http://gen3.org/powered-by-gen3/
GPAI’s Data Governance Working Group. (2021). Data governance working group report [Report]. Global Partnership on Artificial Intelligence. https://gpai.ai/projects/data-governance/gpai-data-governance-wg-report-november-2021.pdf
Graef, I., & van der Sloot, B. (2022). Collective data harms at the crossroads of data protection and competition law: Moving beyond individual empowerment. European Business Law Review, 33(Issue 4), 513–536. https://doi.org/10.54648/EULR2022024
Hall, W., & Pesenti, J. (2017). Growing the artificial intelligence industry in the UK [Independent report]. UK Government. https://www.gov.uk/government/publications/growing-the-artificial-intelligence-industry-in-the-uk
Hardinges, J. (2020, March 17). Data trusts in 2020. The ODI - Open Data Institute. https://theodi.org/article/data-trusts-in-2020/
Hardinges, J., Wells, P., Blandford, A., Tennison, J., & Scott, A. (2019). Data trusts: Lessons from three pilots [Report]. Open Data Institute. https://www.theodi.org/article/odi-data-trusts-report/
Hassan, S., & De Filippi, P. (2021). Decentralized autonomous organization. Internet Policy Review, 10(2). https://doi.org/10.14763/2021.2.1556
International Cooperative Alliance. (n.d.). What is a cooperative? [Coop International Cooperative Alliance]. https://www.ica.coop/en/cooperatives/what-is-a-cooperative
Jones, C. I., & Tonetti, C. (2020). Nonrivalry and the economics of data. American Economic Review, 110(9), 2819–2858. https://doi.org/10.1257/aer.20191330
Kukutai, T., & Taylor, J. (Eds.). (2016). Indigenous data sovereignty: Toward an agenda (Vol. 38). ANU Press. https://www.jstor.org/stable/j.ctt1q1crgf
Lyon, D. (2018). The culture of surveillance: Watching as a way of life. Polity Press.
Madison, M. J., Frischmann, B. M., & Strandburg, K. J. (2010). Constructing commons in the cultural environment. Cornell Law Review, 95, 657–710.
Mann, M., & Daly, A. (2019). (Big) data and the north-in-south: Australia’s informational imperialism and digital colonialism. Television and New Media, 20(4), 379–395. https://doi.org/10.1177/1527476418806091
Mantelero, A. (2017). From group privacy to collective privacy: Towards a new dimension of privacy and data protection in the big data era. In L. Taylor, L. Floridi, & B. Van Der Sloot (Eds.), Group privacy (Vol. 126, pp. 139–158). Springer International Publishing. https://doi.org/10.1007/978-3-319-46608-8_8
McDonald, S. M. (2019). Reclaiming data trusts [Article]. Centre for International Governance Innovation. https://www.cigionline.org/articles/reclaiming-data-trusts/
McKinsey & Company. (2023). What is proof of stake? [Article]. https://www.mckinsey.com/featured-insights/mckinsey-explainers/what-is-proof-of-stake
Mejias, U. A., & Couldry, N. (2019). Datafication. Internet Policy Review, 8(4). https://doi.org/10.14763/2019.4.1428
Micheli, M., Ponti, M., Craglia, M., & Berti Suman, A. (2020). Emerging models of data governance in the age of datafication. Big Data & Society, 7(2), 1–15. https://doi.org/10.1177/2053951720948087
Miller, P. B., & Gold, A. S. (2015). Fiduciary governance. William & Mary Law Review, 57(2), 513–586.
Mojtehedzadeh, S. (2020, April 29). Foodora initiates bankruptcy proceedings in Canada, leaving $4.7 million in debt. Toronto Star. https://www.thestar.com/business/2020/04/29/foodora-declares-bankruptcy-in-canada-leaving-47-million-in-debt.html
MONDRAGON. (2019, May 14). About us. MONDRAGON. https://www.mondragon-corporation.com/en/about-us/
Mozilla Insights. (2021, March 31). Database of initiatives | Alternative data governance in practice. Mozilla Foundation. https://foundation.mozilla.org/en/data-futures-lab/data-for-empowerment/who-is-innovating-database-of-initiatives/
National Cancer Institute. (2022, February 23). The evolution of NCI’s data commons. National Cancer Institute: Center for Biomedical Informatics & Information Technology. https://datascience.cancer.gov/news-events/news/evolution-ncis-data-commons
Nyst, C., & Falchetta, T. (2017). The right to privacy in the digital age. Journal of Human Rights Practice, 9(1), 104–118. https://doi.org/10.1093/jhuman/huw026
Ostrom, E. (2009). A general framework for analyzing sustainability of social-ecological systems. Science, 325(5939), 419–422. https://doi.org/10.1126/science.1172133
Paprica, P. A., Sutherland, E., Smith, A., Brudno, M., Cartagena, R. G., Crichlow, M., Courtney, B., Loken, C., McGrail, K. M., Ryan, A., Schull, M. J., Thorogood, A., Virtanen, C., & Yang, K. (2020). Essential requirements for establishing and operating data trusts: Practical guidance based on a working meeting of fifteen Canadian organizations and initiatives. International Journal of Population Data Science, 5(1), 1–10. https://doi.org/10.23889/ijpds.v5i1.1353
Pentland, A., & Hardjono, T. (2020). Data cooperatives. In A. Pentland, A. Lipton, & T. Hardjono (Eds.), Building the new economy. https://doi.org/10.21428/ba67f642.0499afe0
Posada, J. (2022). Embedded reproduction in platform data work. Information, Communication & Society, 25(6), 816–834. https://doi.org/10.1080/1369118X.2022.2049849
Preimesberger, C. J. (2022, July 7). What is the environmental impact of Web3? VentureBeat. https://venturebeat.com/business/what-is-the-environmental-impact-of-web3/
Raso, J., & Sheffi, N. (2021). Data. In M. Valverde, K. M. Clarke, E. D. Smith, & P. Kotiswaran (Eds.), The Routledge handbook of law and society (1st ed.). Routledge. https://doi.org/10.4324/9780429293306
Ray, S. (2021, January 16). What Is quadratic voting? [Medium post]. Towards Data Science. https://towardsdatascience.com/what-is-quadratic-voting-4f81805d5a06
Regulation 2022/868. (n.d.). Regulation (EU) 2022/868 of the European Parliament and Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act), Pub. L. No. 2022/868, OJ L (2022). http://data.europa.eu/eli/reg/2022/868/oj/eng
Ricaurte, P. (2019). Data epistemologies, the coloniality of power, and resistance. Television & New Media, 20(4), 350–365. https://doi.org/10.1177/1527476419831640
Ritter, J., & Mayer, A. (2018). Regulating data as property: A new construct for moving forward. Duke Law & Technology Review, 16(1), 220–277.
Rosenblat, A., & Stark, L. (2016). Algorithmic labor and information asymmetries: A case study of Uber’s drivers. International Journal of Communication, 10, 3758–3784.
Rowley, J. (2007). The wisdom hierarchy: Representations of the DIKW hierarchy. Journal of Information Science, 33(2), 163–180. https://doi.org/10.1177/0165551506070706
SalusCoop. (n.d.). Homepage. Saluscoop. https://www.saluscoop.org
Scassa, T. (2018). Data ownership (Paper No. 187; CIGI Papers Series). Centre for International Governance Innovation. https://www.cigionline.org/publications/data-ownership/
Scassa, T. (2020). Designing data governance for data sharing: Lessons from Sidewalk Toronto. Technology and Regulation, 2020, 44–56. https://doi.org/10.26116/TECHREG.2020.005
Schickler, J. (2023, January 18). Finnish minister calls for EU law to recognize DAOs. CoinDesk. https://www.coindesk.com/policy/2023/01/17/finnish-minister-calls-for-eu-law-to-recognize-daos/
Schwarcz, S. L. (2009). Fiduciaries with conflicting obligations. Minnesota Law Review, 94(6), 1867–1913.
Shkabatur, J. (2019). The global commons of data. Stanford Technology Law Review, 22, 354–411.
Smothers, V. (2019). Q&A: Valerie Smothers, data trust coordinator, School of Medicine (J. Anderson, Interviewer) [Interview]. https://www.hopkinsmedicine.org/news/articles/valerie-smothers-data-trust-coordinator-school-of-medicine
Stanford HAI. (2021, November 17). Divya Siddarth: Data cooperatives could give us more power over our data [Video]. YouTube. https://www.youtube.com/watch?v=7r-X8ZtceQY
Surroca, J., García‐Cestona, M. A., & Santamaria, L. (2006). Corporate governance and the Mondragón Cooperatives. Management Research: Journal of the Iberoamerican Academy of Management, 4(2), 99–112. https://doi.org/10.2753/JMR1536-5433040202
Swash. (n.d.). Reimagining data ownership. Swashapp. https://swashapp.io
Taylor, L. (2017). What is data justice? The case for connecting digital rights and freedoms globally. Big Data & Society, 4(2), 1–14. https://doi.org/10.1177/2053951717736335
Taylor, L., Floridi, L., & van der Sloot, B. (Eds.). (2017). Group privacy: New challenges of data technologies. Springer. https://doi.org/10.1007/978-3-319-46608-8
Teague, J. (2022, June 7). Starting a DAO in the USA? Steer clear of DAO legislation. The Defiant. https://thedefiant.io/starting-a-dao-in-the-usa-steer-clear-of-dao-legislation/
Terranova, T. (2000). Free labor: Producing culture for the digital economy. Social Text, 18(2), 33–58. https://doi.org/10.1215/01642472-18-2_63-33
The Data Union. (n.d.). Homepage. The Data Union. https://www.thedataunion.org/
The First Nations Information Governance Centre. (2014). Ownership, control, access and possession (OCAPTM): The path to First Nations information governance (pp. 1–49) [Paper]. https://achh.ca/wp-content/uploads/2018/07/OCAP_FNIGC.pdf
TheDataUnion. (n.d.). Homepage. TheDataUnion. https://thedataunion.eu/
Tiffany, K. (2022, February 4). The crypto backlash is booming. The Atlantic. https://www.theatlantic.com/technology/archive/2022/02/crypto-nft-web3-internet-future/621479/
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220. https://doi.org/10.2307/1321160
Wong, W. H. (2023). We, the data: Human rights in the digital age. MIT Press.
Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. Profile Books.
Add new comment