Decision model factors for data sharing

[Christina Drummond]

Greetings Policy WG members:

Progress is continuing in other areas of the project as use cases for OA eBook Usage data are becoming clearer, and our dashboard pilot partners are helping our team to understand how a data trust can support such needs. Once we have a clear understanding of the use cases and data types related to the data trust, it will be time for us to shift to leveraging thought pieces to shape data policy and use considerations for the trust.  

In my last email to this group, I shared the Mechanisms to Govern the Responsible Sharing of Open Data paper, to provide us with templates to consider for how to describe the type of data sharing, stewardship, and use processes a data trust can provide. 

Today, I share a paper that suggests five types of decision factors for stakeholders to consider when establishing data sharing policies. A Decision Model for Data Sharing by Silja M. Eckartz, Wout J. Hofman, Anne Fleur, and Van Veenstra elaborates on issues relating to: 1) ownership, 2) privacy, 3) economics (e.g. competition), 4) data quality, and 5) technical infrastructure and standards.  While I'm still reading through this, I imagine others on this list may find value in the literature review (section 2)  and decision model (section 4). 

If you come across other frameworks, papers, or thought pieces that you find relevant, please do share them on this list.

Best regards, 

Christina

-----------------------------

Christina Drummond

OAeBU Data Trust Program Officer

Educopia Institute

Working from Columbus, OH USA | EST Timezone (UTC-5)

chri...@educopia.org | 1-614-323-8396

Schedule a meeting via: http://calendly.com/drummond_ei

[Samuel Moore]

Hi Christina,

Thanks for sharing this paper -- I'll look forward to reading it. I had reason to read 'Bottom-up data Trusts: Disturbing the ‘one size fits all’ approach to data governance' by Delacroix & Lawrence recently (OA version here: https://www.repository.cam.ac.uk/handle/1810/301307). It's a helpful summary of some of the complexities around data trusts and the need for a plurality of approaches, particularly from the perspective of community ownership. Sharing here in case it's of interest. 

Best,

Sam

--
Dr. Samuel A. Moore
Research Fellow
Centre for Postdigital Cultures
Coventry University
https://www.samuelmoore.org/
Twitter: @samoore_

--
This message was generated through one of the OA eBook Usage Data Trust community forums. Learn more about this Andrew W. Mellon supported 2020-2021 pilot project at https://educopia.org/data_trust/.
---
To post to this group, email oa-ebu-data-trust-p...@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "OA eBU Data Trust Policy Working Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to oa-ebu-data-trust-policy-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/oa-ebu-data-trust-policy-working-group/CAG93Qkj9ihQMskfWy4fjNdk21G%3D4Tyoy8-7YD5ey1R_s-KMk6Q%40mail.gmail.com.

[Christina Drummond]

Hi Sam,

Thanks for sharing this paper. 

I am fascinated by the proposal of competitive trusts that might allow users to shop around and switch based on their needs but in the context of personal data markets and data brokerage of PII, it makes sense. I question whether this maps to de-identified, non-personal scholarly output usage data, if we are striving for achieving economies of scale and making the best use of limited available resources. Wonderful things to ponder. 

A few quotes that stuck out for me: 

• The term ‘data trust’ has also been used recently to refer to the need for some ‘repeatable framework of terms and mechanisms’, ‘to facilitate the sharing of data between organizations holding data and organizations looking to use data to develop AI’. Such frameworks have an important role to play in facilitating the responsible sharing of data, which may otherwise remain out of the reach of organizations that do not have the requisite type of know-how (and legal support) to be able to leverage such data without fear of breaching ethical and legal requirements. But it is unclear what, if anything, such frameworks have in common with legal Trust structures. 

• The choices and aspirations encapsulated in each data Trust will necessarily be limited by topdown, public interest interventions which must delineate the scope of legitimate discretionary choice. In this respect, data trustees are likely to play an important role in shaping societal debate about ‘whether one can require an individual [or group of individuals] to contribute to a “greater” good’. We firmly believe in a positive answer to the latter question, which needs to be the focus of greater public awareness and debate than is currently the case.  
  

Best, 

Christina

-----------------------------

Christina Drummond

OAeBU Data Trust Program Officer

Educopia Institute

Working from Columbus, OH USA | EST Timezone (UTC-5)

chri...@educopia.org | 1-614-323-8396

Schedule a meeting via: http://calendly.com/drummond_ei

[Roxanne Missingham]

Thanks Christina and Sam

 

This is a fascinating area with many threads. I though the paper Data Trusts Ethics, Architecture and Governance for Trustworthy Data Stewardship WSI White Paper #1 February 2019 was also quite interesting and proposes a different framework to look at the whole gamut of access and management issues -

https://eprints.soton.ac.uk/428276/1/WSI_White_Paper_1.pdf   It is interesting to see that unpacking data trust issues has become quite a topic for the PWC and other big consulting groups – even featured in HBR https://hbr.org/2020/11/data-trusts-could-be-the-key-to-better-ai.

 

Have a few academic colleagues who propose a model where individual data would not be owned or managed by the trust but individuals would take responsibility (Lesley Seebeck who used to head the Cybersecruity Institute here is a very strong proponent – she cites Estonia as the example). That would mean quite a different approach for data sharing.

 

I see others are talking about Elinor Ostroms “8 Principles for Managing a Commons” as a way of unpacking ownership and control. 

 

I’m chairing a panel at a conference the week after next where we have panellists from government, GLAM and the university sector who are data governance specialists exploring issues and I expect data access and reuse and the implications of tech that was not thought of when data repositories were created (AI mainly) to be an area of significant discussion https://custom.cvent.com/08D029BB7DF94703A11DA6B8473EF8E5/files/e218f7ed23f2420787299be36892dc8c.pdf

 

Very topical!

 

Regards

 

Roxanne

To view this discussion on the web visit https://groups.google.com/d/msgid/oa-ebu-data-trust-policy-working-group/CAG93QkiF_fDG36orwxYsxS8aeYGMPWvUSkqwhJecUexwmKsbcA%40mail.gmail.com.

[Christina Drummond]

Roxanne, 

I find the WSI paper's section on Desirable Properties of Data Trust Architecture (pg 17) to be an excellent summary, and am realizing that I often merge a number of things together in my mind when I'm talking about privacy, security, and ethics controls during presentations. 

For all on this list, here are the eight properties of data trust architecture put forth by O'Hara.

1. Discovery: of data existence, properties, and quality   
2. Provenance: of data origins and transformations
3. Access controls: limiting who can access what data based on data sharing terms and conditions
4. Access: to the data based on data use terms and conditions 
5. Identity management: to track data access/use over time, which leads us to...
6. Accountability: measures (e.g. audits, processes) to ensure that those stewarding and receiving the data are abiding by and held accountable to the terms
7. Impacts: that the trust is generating, both the desired positives but also tracking the potentially negative

While the data trust portal architecture in this paper (Figure 1) doesn't reflect the access and security controls layer, I'm proud that ours does.  

The latter half of this paper discusses the rationale for data controllers to engage in a data trust. My favorite quotes are in the conclusion - reminding us that a data trust at its core is about data ethics, governance and trustworthiness. 

To conclude, the purpose of a data trust is to define trustworthy and ethical data stewardship, and disseminate best practice. The aim is not to increase trust, which many have claimed as an imperative. The aim, rather, is to align trust and trustworthiness, so that we trust trustworthy agents and do not trust untrustworthy ones, and conversely make it so that trustworthy agents are more likely to be trusted, and untrustworthy agents less likely to be trusted. In other words, the aim is to support warranted trust.  ...To conclude, data trusts could help align trust and trustworthiness via a concentration on ethics, architecture and governance, allowing data controllers to be transparent about their processing and sharing, to be held accountable for their actions, and to engage with the community whose trust is to be earned.  

-----------------------------

Christina Drummond

OAeBU Data Trust Program Officer, CIPP/US

Educopia Institute

Working from Columbus, OH USA | EST Timezone (UTC-5)

chri...@educopia.org | 1-614-323-8396

Schedule a meeting via: http://calendly.com/drummond_ei